General

  • Target

    f9e94eefacf735262bab9027a62749330de11c1140c3494355fc2873d20ae211

  • Size

    26KB

  • Sample

    240909-qb9pja1hje

  • MD5

    662438291e7019d3224d13ab73601a2b

  • SHA1

    198704a0c677625d9db35096ce61ec440f9b7995

  • SHA256

    f9e94eefacf735262bab9027a62749330de11c1140c3494355fc2873d20ae211

  • SHA512

    b832571aed40f6cc432c9e540042fc93975280ad4ee970b87ecd1c2e68744992a211e6a1149144ca4a59a79292f08b6715e8c5e8f02e0e8a8d957543628b9ff1

  • SSDEEP

    768:p+QUFKrPumxc80eyKA/uS7NCYfuMhqthKQXAHGcH0QQ:OFy2m10gA/uSVPhqthKQAGcH0z
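
The digests above are what let an analyst confirm that a file retrieved from quarantine or a mail gateway is the artifact this report describes. The following is an added example, not part of the report: it computes all four digests in one pass and compares them algorithm by algorithm against the values copied from the General section. The sample bytes used in the usage note are constructed and will not match.

```python
import hashlib

# Digests for the 26KB delivery artifact, copied from the General section of this report.
REPORT_DIGESTS = {
    "md5": "662438291e7019d3224d13ab73601a2b",
    "sha1": "198704a0c677625d9db35096ce61ec440f9b7995",
    "sha256": "f9e94eefacf735262bab9027a62749330de11c1140c3494355fc2873d20ae211",
    "sha512": "b832571aed40f6cc432c9e540042fc93975280ad4ee970b87ecd1c2e68744992"
              "a211e6a1149144ca4a59a79292f08b6715e8c5e8f02e0e8a8d957543628b9ff1",
}

DIGEST_NAMES = ("md5", "sha1", "sha256", "sha512")


def digest_all(data, chunk_size=1 << 16):
    """Compute every digest in one pass so a large file is read only once."""
    hashers = {name: hashlib.new(name) for name in DIGEST_NAMES}
    view = memoryview(data)
    for start in range(0, len(view), chunk_size):
        chunk = view[start:start + chunk_size]
        for hasher in hashers.values():
            hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def verify_against_report(data, expected):
    """Compare the file's digests with the report's, one algorithm at a time.

    Returns (all_match, {algorithm: matched}). Reporting each algorithm
    separately makes a copy-paste error in a single hash visible instead of
    hiding it behind one boolean; an empty expectation never counts as a match.
    """
    actual = digest_all(data)
    results = {name: actual[name] == value.strip().lower()
               for name, value in expected.items() if name in actual}
    return bool(results) and all(results.values()), results


def verify_file(path, expected=REPORT_DIGESTS):
    """Convenience wrapper for a file on disk (path is supplied by the caller)."""
    with open(path, "rb") as fh:
        return verify_against_report(fh.read(), expected)
```

Usage: `verify_file("sample.bin")` returns `(True, {...})` only when every listed digest matches; a `False` with a mixed per-algorithm result usually means one hash was mistyped in the indicator feed rather than that the file differs.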

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      ORDER LİSTESİ 3.exe

    • Size

      58KB

    • MD5

      04140d43f8950a9f31832b98f1fee497

    • SHA1

      99b9c1fc286a5f8680d7256488a1b8289bc63f7b

    • SHA256

      e34846ea6a307cbb749dcf880d83378a592e87b658dd30b4a761e561df78194c

    • SHA512

      50ac9b7b208688679157a3c058fe2a46ed4cc9e24d2972c252c10c7c62e629448ece8d7dda8b130990273e57f02ccbc7a60a4b1de535472a925b11316949217e

    • SSDEEP

      1536:KQ5Wjncz4iijM3CEF/7GmqbMY7usiY9hkX:r5Wjcz4iiA7GmCMY7pdkX

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic .NET.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser's credential store.

    • Downloads MZ/PE file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

    Replacing a thread's context is the step in process hollowing where an injector points a suspended child process at code it has written into that process before resuming it.
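
Three of the behaviours listed above (SetThreadContext-based injection, the external IP lookup, and the MZ/PE download) can be checked against a sandbox API trace. The block below is an added example and not part of the report or of the sandbox's own signatures: the event list is constructed, the process ids and image paths are hypothetical, and the IP-lookup host list is illustrative rather than taken from this page.

```python
from collections import defaultdict
from urllib.parse import urlparse

# CreateProcess creation flag; value from the Win32 API.
CREATE_SUSPENDED = 0x00000004

# Web services commonly queried to learn the victim's public IP
# (illustrative list, not taken from the report).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me"}

# The order of calls that turns a suspended child into a hollowed host.
HOLLOWING_STAGES = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed API trace: (caller pid, api name, arguments). Pids and paths are hypothetical.
EVENTS = [
    (1000, "CreateProcessW", {"image": r"C:\Windows\System32\hypothetical_host.exe",
                              "flags": CREATE_SUSPENDED, "new_pid": 2000}),
    (1000, "WriteProcessMemory", {"target_pid": 2000, "size": 59392}),
    (1000, "SetThreadContext", {"target_pid": 2000}),
    (1000, "ResumeThread", {"target_pid": 2000}),
    (2000, "InternetOpenUrlW", {"url": "http://api.ipify.org/"}),
    (2000, "InternetOpenUrlW", {"url": "https://updates.example/stage2.bin"}),
    # Benign: a child started without CREATE_SUSPENDED and merely resumed.
    (3000, "CreateProcessW", {"image": r"C:\Windows\System32\notepad.exe",
                              "flags": 0, "new_pid": 3001}),
    (3000, "ResumeThread", {"target_pid": 3001}),
]


def detect_hollowing(events):
    """Report (injector_pid, target_pid, image) for each child that was created
    suspended and then written to, re-pointed with SetThreadContext, and resumed
    by the same caller, in that order. A ResumeThread without the earlier stages
    is ignored, which keeps ordinary suspended-start-then-resume patterns quiet."""
    suspended = {}               # target pid -> (injector pid, image path)
    progress = defaultdict(int)  # target pid -> number of stages seen so far
    findings = []
    for pid, api, args in events:
        if api == "CreateProcessW" and args.get("flags", 0) & CREATE_SUSPENDED:
            suspended[args["new_pid"]] = (pid, args["image"])
            continue
        target = args.get("target_pid")
        if target not in suspended or suspended[target][0] != pid:
            continue
        if api == HOLLOWING_STAGES[progress[target]]:
            progress[target] += 1
            if progress[target] == len(HOLLOWING_STAGES):
                injector, image = suspended.pop(target)
                findings.append((injector, target, image))
    return findings


def detect_ip_lookup(events):
    """Report (pid, host) for every URL fetch whose host is a known IP-lookup service."""
    findings = []
    for pid, _api, args in events:
        url = args.get("url")
        if not url:
            continue
        host = (urlparse(url).hostname or "").lower()
        if host in IP_LOOKUP_HOSTS:
            findings.append((pid, host))
    return findings


def looks_like_pe(data):
    """True when a downloaded blob has a DOS header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"
```

Run against the constructed trace, `detect_hollowing` flags the hypothetical host process written and resumed by pid 1000 while leaving the notepad start alone, and `detect_ip_lookup` returns only the ipify request. `looks_like_pe` is meant for the body of each downloaded response, so that a "Downloads MZ/PE file" hit is raised on the bytes rather than on the URL's extension.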

MITRE ATT&CK Enterprise v15

Tasks