General

  • Target

    afb9b832b61a4c5152e1747afaed615fdfb2d79d42c4bc683ade8c0de25cde8d.exe

  • Size

    695KB

  • Sample

    240612-ce6v6aycql

  • MD5

    7a43598ff7b62a711389146aa6bd97aa

  • SHA1

    2855cb5c847938704dcae39267cff76cdc50c647

  • SHA256

    afb9b832b61a4c5152e1747afaed615fdfb2d79d42c4bc683ade8c0de25cde8d

  • SHA512

    f418d43d2e7a0b23fb3e509d6903b3d5e4fd12b37f0bd573ab84d1db51889f57488aa913ae88db3a2e3cfeb957e7ff969d358a37c793c9a703450607802a126d

  • SSDEEP

    12288:4W/RA5STkep6Mlqnl3LkcBDVXFamBD/UFHn0+HrBSxF6w7RTIYDX:4Mm5SH6MIl3LkGDhsmD/U0WO7xIc

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.svetigeorgije.co.rs
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    4c5H&b2whkD9
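
The extracted configuration above is the sample's exfiltration channel: harvested credentials are uploaded to the listed FTP server with the listed account. The credentials are the attacker's drop account, not something to log in with from a monitored network; the useful move is to hunt for hosts that resolved or connected to the server. The following is an added example (not part of the original report) that pivots from the config to Zeek-style DNS and FTP logs. The log lines are constructed, the column layouts are an assumed simplified subset of Zeek's dns.log and ftp.log, and the username is not used as an indicator because it is redacted on the page.

```python
"""Hunt Zeek-style dns.log / ftp.log rows for the AgentTesla FTP drop server.

Added example. Indicators come from the extracted config above; the log lines
below are constructed, and the field layouts are an assumed subset of Zeek's.
"""
from collections import defaultdict
from typing import Dict, List, Set

# Indicators from the extracted config (protocol ftp, port 21). The account
# name is redacted on the page, so only host and port are used.
EXFIL_HOST = "ftp.svetigeorgije.co.rs"
EXFIL_PORT = 21

# Assumed column subsets (adjust to your Zeek schema). 'answers' is comma-separated.
DNS_FIELDS = ["ts", "orig_h", "query", "answers"]
FTP_FIELDS = ["ts", "orig_h", "resp_h", "resp_p", "user", "command", "arg"]

# Constructed sample data: 10.0.0.15 resolves the drop server and uploads a
# file; 10.0.0.17 reuses the resolved IP without a DNS lookup of its own;
# 10.0.0.16 talks to an unrelated FTP server.
SAMPLE_DNS_LOG = """\
1718183000.1\t10.0.0.15\tftp.svetigeorgije.co.rs\t203.0.113.7
1718183001.4\t10.0.0.16\tupdate.example.org\t198.51.100.9
"""
SAMPLE_FTP_LOG = """\
1718183002.0\t10.0.0.15\t203.0.113.7\t21\tdrop-account\tSTOR\tPW_DESKTOP-1.html
1718183003.2\t10.0.0.16\t198.51.100.9\t21\tanonymous\tRETR\tREADME.txt
1718183004.0\t10.0.0.17\t203.0.113.7\t21\tdrop-account\tLIST\t-
"""

UPLOAD_COMMANDS = {"STOR", "STOU", "APPE"}  # FTP verbs that push data to the server


def parse_tsv(text: str, fields: List[str]) -> List[dict]:
    """Parse tab-separated rows into dicts, skipping blank and '#' header lines."""
    rows = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def exfil_ips(dns_rows: List[dict]) -> Dict[str, Set[str]]:
    """Map every IP the drop domain resolved to -> set of clients that asked."""
    out: Dict[str, Set[str]] = defaultdict(set)
    for r in dns_rows:
        if r["query"].rstrip(".").lower() == EXFIL_HOST:
            for ip in r["answers"].split(","):
                if ip and ip != "-":
                    out[ip].add(r["orig_h"])
    return out


def hunt(dns_text: str, ftp_text: str) -> List[dict]:
    """Return findings: DNS lookups of the drop host, and FTP sessions/uploads
    to any IP it resolved to on the configured port."""
    ips = exfil_ips(parse_tsv(dns_text, DNS_FIELDS))
    findings = []
    for ip, clients in ips.items():
        for client in sorted(clients):
            findings.append({"kind": "dns-lookup", "host": client,
                             "detail": f"{EXFIL_HOST} -> {ip}"})
    for r in parse_tsv(ftp_text, FTP_FIELDS):
        if r["resp_h"] in ips and int(r["resp_p"]) == EXFIL_PORT:
            kind = "ftp-upload" if r["command"].upper() in UPLOAD_COMMANDS else "ftp-session"
            findings.append({"kind": kind, "host": r["orig_h"],
                             "detail": f"{r['command']} {r['arg']} -> {r['resp_h']}"})
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_DNS_LOG, SAMPLE_FTP_LOG):
        print(f"{f['kind']:12} {f['host']:12} {f['detail']}")
```

Pivoting on the resolved IP rather than only on the domain is what catches 10.0.0.17, which never queried the name itself. An `ftp-upload` finding against the drop server is the strongest signal, since that is the direction AgentTesla moves stolen data; a bare `ftp-session` still warrants a look at the host. Blocking or sinkholing the host at DNS and egress is the containment step.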

Targets

    • Target

      afb9b832b61a4c5152e1747afaed615fdfb2d79d42c4bc683ade8c0de25cde8d.exe

    • Size

      695KB

    • MD5

      7a43598ff7b62a711389146aa6bd97aa

    • SHA1

      2855cb5c847938704dcae39267cff76cdc50c647

    • SHA256

      afb9b832b61a4c5152e1747afaed615fdfb2d79d42c4bc683ade8c0de25cde8d

    • SHA512

      f418d43d2e7a0b23fb3e509d6903b3d5e4fd12b37f0bd573ab84d1db51889f57488aa913ae88db3a2e3cfeb957e7ff969d358a37c793c9a703450607802a126d

    • SSDEEP

      12288:4W/RA5STkep6Mlqnl3LkcBDVXFamBD/UFHn0+HrBSxF6w7RTIYDX:4Mm5SH6MIl3LkGDhsmD/U0WO7xIc

    • AgentTesla

      Agent Tesla is a .NET information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It harvests saved credentials, keystrokes and clipboard contents and exfiltrates them over FTP, SMTP or HTTP; this build uses the FTP drop listed under Malware Config.

    • Packed .NET executable detected (rule tuned mostly for AgentTeslaV4)

    • Accesses Microsoft Outlook profiles (the registry profile data that holds stored mail-account credentials, a standard AgentTesla harvesting target)

    • Suspicious use of SetThreadContext (typical of process hollowing: the payload is written into a suspended process and the main thread's context is redirected to it)
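
Two checks a triage analyst runs against a file before trusting a report like this one: that the file on disk is the sample the hashes above describe, and that it is in fact a managed (.NET) PE, which is the precondition for the "packed .NET executable" rule above. The following is an added example, not code from the original report. It hashes a file in chunks and compares against the report's digests, and reads the PE optional header's CLR runtime data directory (index 14) to decide whether the binary is managed. `build_minimal_pe` is a helper that fabricates a minimal PE32 header purely so the check can be exercised offline; the empty-file digests used in the test are standard values.

```python
"""Verify a sample against the report's hashes and check for a CLR header.

Added example. The hash values come from the report above; build_minimal_pe()
constructs a synthetic PE header so the .NET check can run without a real sample.
"""
import hashlib
import struct
from typing import Dict

# Digests listed in the report for afb9b832...cde8d.exe
REPORT_HASHES = {
    "md5": "7a43598ff7b62a711389146aa6bd97aa",
    "sha1": "2855cb5c847938704dcae39267cff76cdc50c647",
    "sha256": "afb9b832b61a4c5152e1747afaed615fdfb2d79d42c4bc683ade8c0de25cde8d",
    "sha512": "f418d43d2e7a0b23fb3e509d6903b3d5e4fd12b37f0bd573ab84d1db51889f57"
              "488aa913ae88db3a2e3cfeb957e7ff969d358a37c793c9a703450607802a126d",
}
ALGORITHMS = tuple(REPORT_HASHES)


def hash_bytes(data: bytes) -> Dict[str, str]:
    """All four digests of an in-memory buffer."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGORITHMS}


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same digests, computed in one pass over the file in 1 MiB chunks."""
    hashers = {algo: hashlib.new(algo) for algo in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_report(hashes: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm comparison against the report. A mismatch means a
    different build, not a clean file: treat partial matches as suspicious."""
    return {algo: hashes.get(algo, "").lower() == REPORT_HASHES[algo] for algo in ALGORITHMS}


def is_dotnet_pe(data: bytes) -> bool:
    """True when the PE optional header has a non-empty CLR runtime directory
    (data directory 14), i.e. the image is a managed .NET executable."""
    try:
        if data[:2] != b"MZ":
            return False
        pe_off = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            return False
        opt_off = pe_off + 4 + 20                      # after COFF file header
        magic = struct.unpack_from("<H", data, opt_off)[0]
        if magic == 0x10B:                             # PE32
            count_off, dirs_off = opt_off + 92, opt_off + 96
        elif magic == 0x20B:                           # PE32+
            count_off, dirs_off = opt_off + 108, opt_off + 112
        else:
            return False
        if struct.unpack_from("<I", data, count_off)[0] < 15:
            return False
        clr_va, clr_size = struct.unpack_from("<II", data, dirs_off + 14 * 8)
        return clr_va != 0 and clr_size != 0
    except struct.error:                               # truncated header
        return False


def build_minimal_pe(dotnet: bool) -> bytes:
    """Synthetic PE32 header (no sections) for testing is_dotnet_pe(); not a
    real executable."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)              # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)              # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", opt, 96 + 14 * 8, 0x2008, 72)  # CLR header VA/size
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)
```

A sample that matches on SHA256 but fails the CLR check would contradict the packed .NET signature and is worth a second look at the file itself. The CLR check only establishes that the outer layer is managed; whether it is packed is what the YARA rule decides, and unpacking the final AgentTesla payload is a separate step.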

MITRE ATT&CK Enterprise v15

Tasks