General

  • Target

    fcd3269ebd515cd92d4b6259447208cc_JaffaCakes118

  • Size

    452KB

  • Sample

    240928-wcczva1ckh

  • MD5

    fcd3269ebd515cd92d4b6259447208cc

  • SHA1

    ba8771420594947049eeb6ab88cc62025032f808

  • SHA256

    c2c2b095360961b24b797f890e9d9e01e47151cce094b094179cb09472f74d12

  • SHA512

    7b43bd6d213b72e36958e89e6a7422e8064a2cfb7e9b657244956085c9d54fc11e910c70d262ff468f0a18e5880e236818303b778041445d3cbcfbacf3c0fec0

  • SSDEEP

    12288:Kitmw/wRC7GGQteXgaB5AJtfugcIkLu/ZlWCGoksfQ+mh:Ku0RCytPDzLlWPyVmh

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.mail.ru
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    mother@200

Targets

    • Target

      SANTSSWK20100001 S-JF 2000133.exe

    • Size

      665KB

    • MD5

      b611aea937591e0ed71d5419c8db438e

    • SHA1

      332c092871569bd366a911768d242d2c6971cb8e

    • SHA256

      319379237e8c63327a6ce286135cb3355ee2a592742a70e03c00cc0c351d25f5

    • SHA512

      1036cb32909bb9ff18e53f986782f828e3742c37ef07505d7cbc59e480e573394df3bbb849c098de3e0aa7c7c7f5e598382b4261f4948be8839f7e96f48a2ac7

    • SSDEEP

      12288:qpZ75lNi/0ux6qCEt+Fys4wdakntbwYgeLiT1lNWkuIQQ18vOESA:qHvNC0etD8ntMEulEkaQ18X

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks