General

  • Target

    f9087855b44b5b45d88aa897c3b3e12a_JaffaCakes118

  • Size

    531KB

  • Sample

    240926-xsrzdawdkc

  • MD5

    f9087855b44b5b45d88aa897c3b3e12a

  • SHA1

    f1b79eb99ca3f6f2a46c048d8dd521621027a42d

  • SHA256

    44a14155e39f625261ae9a6dc74ee56d706f6109433060755a40f65234641046

  • SHA512

    a50a760a84075f9612a0977b76ca39a0d93541f3f4a2474db16f70852bce16f0a93ba5ee930f176e79d4d599468edd9b74e65adf0bb76d5fe996af722507108f

  • SSDEEP

    12288:KUPkwlqghRK8nIGid0s1Me9p691EAWRrxOXnlq1eeiaDk3DKm5ha:KwPYghnIGiysKuph4qidm

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.fanosethiopiatours.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    OPtamiue007

Targets

    • Target

      tt copy 009921.exe

    • Size

      996KB

    • MD5

      d2218e8a847345f48ce6595ba1055e29

    • SHA1

      468a985b52d39707425162e2c0a2a854c6e37d04

    • SHA256

      48120198618df212b02b4e08c9c7a90aea6b61b831faf373733f47f09c0046f3

    • SHA512

      c9d3110b77a56af7b3de8cf4152373f023e0ed86afe5008e6e71205ba84d0cd12bf5b4e3cf4c460276c154f633df271769b9e004ab112286538a00ea5170d884

    • SSDEEP

      12288:Ta1SY/r3ESmI+Kd0s1Ke9p69PEAWRrEru722H+VEiaDk3DKsbHP:G13D3ESt+KysksphjK5f

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks