General

  • Target

    382e94e8a2027299728761e10c4f2be511e183634935e7c245da978a871bdd20

  • Size

    723KB

  • Sample

    240705-jxbw3avdqm

  • MD5

    22e5af4ce5095ca6f3a5efac3ece1e16

  • SHA1

    78f5e727dc6c8e1e1a45074aefa0e6fb03f889ed

  • SHA256

    382e94e8a2027299728761e10c4f2be511e183634935e7c245da978a871bdd20

  • SHA512

    a17aaee9bde1092ea8cf5a9b9b338faef2676280cad8ad35c5069394c3e2910c6526768b6c068610cd0a95d89de2c27420001e3ef80b60faaf4e5fb7d9856c6a

  • SSDEEP

    12288:oQll4xUQfff7Ga45cWEPYoKqlygllkvud75mpIxeeNMh10Vgz:/lYUkH7pLbRqFpIxxc
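
Before working on a copy of the submitted file, confirm it is the object this report describes. The script below is an added example, not part of the sandbox report: it streams a local file through every digest listed in the General section and reports any that disagree. It uses only the standard library, so the SSDEEP value is not recomputed (that needs the third-party ssdeep module); the path argument and the helper names are the example's own.

```python
"""Check a local copy of the sample against the digests in this report.

Added example, not part of the sandbox report.  Standard library only, so
the SSDEEP value is not recomputed (that needs the third-party ssdeep module).
"""
import hashlib
from pathlib import Path

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the General section above (the submitted file).
REPORT_HASHES = {
    "md5": "22e5af4ce5095ca6f3a5efac3ece1e16",
    "sha1": "78f5e727dc6c8e1e1a45074aefa0e6fb03f889ed",
    "sha256": "382e94e8a2027299728761e10c4f2be511e183634935e7c245da978a871bdd20",
    "sha512": "a17aaee9bde1092ea8cf5a9b9b338faef2676280cad8ad35c5069394c3e2910c"
              "6526768b6c068610cd0a95d89de2c27420001e3ef80b60faaf4e5fb7d9856c6a",
}


def digest_bytes(data: bytes) -> dict:
    """Return {algo: hex digest} for an in-memory blob (small files, test data)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Hash a file with every algorithm in one pass, streaming in chunks so a
    large sample never has to fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_digests(actual: dict, expected: dict) -> dict:
    """Return {algo: (expected, actual)} for every algorithm that disagrees.
    An empty dict means the file is the one the report describes."""
    mismatches = {}
    for name, want in expected.items():
        got = actual.get(name, "")
        if got.lower() != want.lower():
            mismatches[name] = (want, got)
    return mismatches


if __name__ == "__main__":
    import sys

    sample = Path(sys.argv[1])
    bad = compare_digests(digest_file(sample), REPORT_HASHES)
    if bad:
        for name, (want, got) in bad.items():
            print(f"{name}: expected {want}, got {got}")
        sys.exit(1)
    print(f"{sample}: all digests match the report")
```

Run it as `python verify_sample.py <path-to-sample>`; a non-zero exit means at least one digest differs, and the per-algorithm output tells you whether the file was truncated, re-packed, or is simply a different artifact (the Targets section below lists a different hash set for the contained executable, so make sure you compare against the right one).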

Malware Config

Targets

    • Target

      0f30bd5220de4c7fb2d426a392b5fcdbf1062b33a65761cb2af0d4732a2b2c2e.exe

    • Size

      1.1MB

    • MD5

      ceee05227b74e5a1e6d89f3b1cdfd24b

    • SHA1

      7c7038b477f3d68226abf7eb1f8b4e9b9cfae331

    • SHA256

      0f30bd5220de4c7fb2d426a392b5fcdbf1062b33a65761cb2af0d4732a2b2c2e

    • SHA512

      931eed40bcb985de50c631f1b2565edf4bcdc78d56d9e2b31c608a634367c227325152dc4644d498924bcc09d5a11f3ace19193b9d1ea4aa897747f2b073a4c9

    • SSDEEP

      24576:WAHnh+eWsN3skA4RV1Hom2KXMmHabDXVNuE25:xh+ZkldoPK8YabD3A

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and credential stealer written in Visual Basic.

    • Looks up external IP address via web service

      Queries a legitimate public IP-lookup web service to learn the infected system's external IP address.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's register state, including its instruction pointer. Outside a debugger, calling it on the primary thread of a freshly created, suspended process is characteristic of process hollowing and related injection techniques.
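
The two behavioural signatures above can be reproduced from a sandbox API trace. The following is an added example, not the sandbox's own signature code: it flags requests to known IP-lookup services and the suspended-create / write / SetThreadContext / ResumeThread sequence in which SetThreadContext is suspicious. The trace is constructed for illustration (the report does not name the hollowed host process or the lookup service this sample used), the list of lookup hosts is an assumption, and the trace format assumes the sandbox has already resolved process and thread handles to their IDs.

```python
"""Two of the behavioural signatures from the Targets section, re-implemented
over a sandbox API trace.  Added example, not the sandbox's own signature code.
The trace is constructed for illustration; the lookup-service list is an
assumption (the report does not say which service the sample queried), and
handles in the trace are assumed to be resolved to process/thread IDs."""
from urllib.parse import urlparse

# Public "what is my IP" endpoints often contacted by stealers (assumed list).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com",
    "ifconfig.me", "ipinfo.io", "checkip.amazonaws.com",
}
CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit in CreateProcess

# Constructed trace: one record per API call, in observed order.  The host
# executable path is made up; the report does not name the injected target.
TRACE = [
    {"pid": 4012, "api": "CreateProcessW",
     "args": {"lpApplicationName": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
              "dwCreationFlags": CREATE_SUSPENDED},
     "ret": {"dwProcessId": 5120, "dwThreadId": 5124}},
    {"pid": 4012, "api": "NtUnmapViewOfSection", "args": {"ProcessHandle": 5120}},
    {"pid": 4012, "api": "WriteProcessMemory",
     "args": {"hProcess": 5120, "lpBaseAddress": 0x400000}},
    {"pid": 4012, "api": "SetThreadContext", "args": {"hThread": 5124}},
    {"pid": 4012, "api": "ResumeThread", "args": {"hThread": 5124}},
    {"pid": 5120, "api": "InternetOpenUrlA", "args": {"lpszUrl": "http://api.ipify.org/"}},
    {"pid": 5120, "api": "InternetOpenUrlA", "args": {"lpszUrl": "https://www.microsoft.com/"}},
    # A process started normally whose thread context is touched later
    # (debugger-style use): no suspended create, no write, so not flagged.
    {"pid": 3300, "api": "CreateProcessW",
     "args": {"lpApplicationName": r"C:\Windows\System32\notepad.exe",
              "dwCreationFlags": 0},
     "ret": {"dwProcessId": 7000, "dwThreadId": 7004}},
    {"pid": 3300, "api": "SetThreadContext", "args": {"hThread": 7004}},
]


def external_ip_lookups(trace):
    """Signature 'Looks up external IP address via web service':
    return [(pid, host)] for every URL whose host is a known lookup service."""
    hits = []
    for call in trace:
        url = call.get("args", {}).get("lpszUrl")
        if not url:
            continue
        host = (urlparse(url).hostname or "").lower()
        if host in IP_LOOKUP_HOSTS:
            hits.append((call["pid"], host))
    return hits


def suspicious_set_thread_context(trace):
    """Signature 'Suspicious use of SetThreadContext': return [(parent, child)]
    where the parent created the child suspended, wrote into its memory, then
    redirected the child's primary thread with SetThreadContext and resumed it,
    which is the process-hollowing order of operations."""
    state = {}         # child pid -> {"parent", "written", "ctx"}
    tid_to_child = {}  # primary thread id -> child pid
    flagged = []
    for call in trace:
        pid, api, args = call["pid"], call["api"], call.get("args", {})
        if api in ("CreateProcessW", "CreateProcessA") and \
                args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            child, tid = call["ret"]["dwProcessId"], call["ret"]["dwThreadId"]
            state[child] = {"parent": pid, "written": False, "ctx": False}
            tid_to_child[tid] = child
        elif api == "WriteProcessMemory" and args.get("hProcess") in state:
            state[args["hProcess"]]["written"] = True
        elif api == "SetThreadContext":
            child = tid_to_child.get(args.get("hThread"))
            if child is not None and state[child]["written"]:
                state[child]["ctx"] = True
        elif api == "ResumeThread":
            child = tid_to_child.get(args.get("hThread"))
            if child is not None and state[child]["ctx"]:
                flagged.append((state[child]["parent"], child))
    return flagged


if __name__ == "__main__":
    print("IP lookups:", external_ip_lookups(TRACE))
    print("Hollowing candidates:", suspicious_set_thread_context(TRACE))
```

The second check deliberately requires the full sequence rather than any call to SetThreadContext, because debuggers, unpackers and some runtimes call it legitimately; requiring the suspended create and a prior WriteProcessMemory into the same child is what turns a noisy API name into a usable signature. Tune IP_LOOKUP_HOSTS from your own traffic telemetry.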

MITRE ATT&CK Matrix

Tasks