Resubmissions

  • 19/06/2024, 09:41

    240619-ln4a3aseqn 10

  • 19/06/2024, 09:37

    240619-llwhfaxhpc 1

General

  • Target

    ba53e28462f5be2540824ccde6aeb615c2f3d161.eml.tar.gz

  • Size

    732KB

  • Sample

    240619-ln4a3aseqn

  • MD5

    0280edcb15c91c6234d912c532a9ae7e

  • SHA1

    7341c261ae79c9324ec12ffc094f848ab62fbc87

  • SHA256

    373038f90abd4f4195e51d793f26e657c876997a0591ff4309f74aeaef701a7a

  • SHA512

    98774710dd8eb8d07f19f178d7405ec00ca25ae230543fc100fbf68ae0d9d95975f3c679729b375da5ea589e7cd32c0669b1270f285682a49ec6421d927653b7

  • SSDEEP

    12288:x7WZTzNoiFXzE8Kv0mn6SHUs5S+BrBzAe0NJ9+XUjzuufRZU21as:OVoidbM8SHa+3WtjtZnl

Malware Config

Targets

    • Target

      ba53e28462f5be2540824ccde6aeb615c2f3d161.eml

    • Size

      970KB

    • MD5

      fcf740695035341857f58def98e6aec7

    • SHA1

      ba53e28462f5be2540824ccde6aeb615c2f3d161

    • SHA256

      f04bcf8afdb7836f84801c68c8912f2602978faf7f5b45ba5a13309dcd49948e

    • SHA512

      6876c2ddeccadc5c60ef02fd68f1f4d98dd55085ff1ce722ed2e13c7751d0e4b845929ca6884297c8e26ba6dbb57142574f4b8ecb65475b6991c8626df64c199

    • SSDEEP

      24576:qqR2sL8XSmsdcTN7qXxWCeMFA5V3JCLbU9S5W0c7f:LLASmcc+Wr8Y+cr

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks