General

  • Target

    cbc9d54ac0a7bada8af9f71f0ed98901_JaffaCakes118

  • Size

    820KB

  • Sample

    240830-2c3hdszbjd

  • MD5

    cbc9d54ac0a7bada8af9f71f0ed98901

  • SHA1

    522072694cc76c1485bf66c85af3bfb72fbb78f6

  • SHA256

    fbb8b61a2dadadfc1a302d3e47250ffdd9a57b0c8c8ca27b14738ca7951f2fa5

  • SHA512

    943544ec0931e0d7c10b59f6d61cce7a9da6af4cdc9e9b128c6c354e76fc45cd49c73797ca5afb506b12e833c208872fc2abf7a83cb5d29e6e5134d2be37bf9c

  • SSDEEP

    12288:bZdvG9gsBqk1k4z2pMD7ndyXVfdyZbWeHkxQUaUSJ8PA1um2Tetqx:/G9gsBKG20JQfdyFWQSOJoAZ2iA

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.hermanusbearings.co.za
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    $Victory2019$

Targets

    • Target

      PO for 410303-1.exe

    • Size

      758KB

    • MD5

      5bd75bc8b88d9815916e0b36c64380b1

    • SHA1

      a14715ddb87ea2f925cc2a8f2d2d83a2aa8da266

    • SHA256

      c948dcc56b42f0d4c74f972ef4e3af6ae09083af0dbf576ee28e48a93dbd2e7e

    • SHA512

      553ed15ce0aeef9a540a75d756a7896306a82f5faffe9461b79882dcb452adfa81b2c8b341c4c88fc3512f18639633caab916a7322df50edb9eb7d7d81651d88

    • SSDEEP

      12288:mZdvG9gsBqk1k4z2pMD7ndyXVfdyZbWeHkxQUaUSJ8PA1um2Tetqx:2G9gsBKG20JQfdyFWQSOJoAZ2iA

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks