General

  • Target

    KrokmouLoader.exe

  • Size

    13.1MB

  • Sample

    240906-wkk1es1ane

  • MD5

    8b2d7ca2a01a19f936e317066ae265c9

  • SHA1

    c4975ad6c47aad09956513a5c8d0bc2fe071ab4e

  • SHA256

    084f55dc8a85aa13027f9275f908f399f197c6570018e301eed3072fad966bb0

  • SHA512

    a8c4280d17b81f938a0a36060cfa52bfe8672ab512656d7424d370e13e8d30e1170ac9ca1067823c159042a13c8a128cc5de3a58be4daea1180bc789dd5808ae

  • SSDEEP

    393216:dUWz9Iz3I9sGLyR5No1JOs7yJZ0jJ7ksxGIEAROQ7g0cqm:G4ZmnmN7hjOIdw7f

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks