General

  • Target

    ef17147e33c9440b8863c99bc8676b3d7e995e7b927d11b4671912a533febda0

  • Size

    1.1MB

  • Sample

    240530-bhbczshg48

  • MD5

    0cd2369301fce04c344e37e93d904f13

  • SHA1

    fdcdbfb908136c4753143787c8f71b26432b5eed

  • SHA256

    ef17147e33c9440b8863c99bc8676b3d7e995e7b927d11b4671912a533febda0

  • SHA512

    44710c3acb7359adcd2411501b9dd2b8028731cd2b607547aa3d8bc9bcf73a582035dd389b06af8b2b8174cbdb3c177e687abcf09b12b573296d8c6389ba2404

  • SSDEEP

    24576:H4lavt0LkLL9IMixoEgea1qsykyuGeq9MmCS2:ikwkn9IMHea1q8zaPCS2

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks