General

  • Target: aab3b5e870161ccd2363308759569ab4665f30556b9315a20308324f5980006a

  • Size: 1.1MB

  • Sample: 240727-bjndyaxapj

  • MD5: 72cb4446ad3b4de6f58f4eb022272b56

  • SHA1: 03459a7e5bed6238cb97b93ffac53787761a598f

  • SHA256: aab3b5e870161ccd2363308759569ab4665f30556b9315a20308324f5980006a

  • SHA512: 232f74bd308ee4e4053fe7acead77e9f5c18ed5ee4fe1b1224bb981663a3203d3b33fb9551162a7b93c237fed1d16418da1c7c86aa1ef054edec156c119406e1

  • SSDEEP: 24576:FqDEvCTbMWu7rQYlBQcBiT6rprG8aFVEToLhmLHJH/:FTvC/MTQYxsWR7aFVZhq

Malware Config

Extracted

  • Family: agenttesla

  • Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Credential Access

  • Credentials from Password Stores (T1555): 1

  • Credentials from Web Browsers (T1555.003): 1

Discovery

  • System Location Discovery (T1614): 1

  • System Language Discovery (T1614.001): 1

Tasks