General

  • Target

    4394ea9347502eef11fc4a684633d2ec2f0d411432f2a91827f09c5c3fa8a3b0

  • Size

    900KB

  • Sample

    240930-x2t54avflf

  • MD5

    910a198375b71d1156413714377be34b

  • SHA1

    18372feaf33371f01c797c9868372d0ea70b9459

  • SHA256

    4394ea9347502eef11fc4a684633d2ec2f0d411432f2a91827f09c5c3fa8a3b0

  • SHA512

    52d1e9eca34f30322c7cf89880e1f8cc59e2c1cc94bb52a2a674e513f22d0610a8fbd17615a14212461bde4e2a753a3a7404ff119cce2911aaeb84ff543f724b

  • SSDEEP

    12288:hgUt62HVEkB2F3Mm+wR2iBto2MwOcuGyM0/l1FVNbJ58W1oMa7zhwX+2j8FuJniT:hrj4guvo2MHiQZgW1Gtw9QKnWZZwxf4

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.myhydropowered.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    nW5AoStmqtxtXpA

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      UnitedSapphire 9-29-2024pdf.exe

    • Size

      1.2MB

    • MD5

      3daccc5999903142a500c645ae21f4e8

    • SHA1

      68ff02889411a89c26774b0b7f4552cd033ba9ca

    • SHA256

      319c7aa5fb4f848b813178c5b106a94c5dd94ec4b0a3332f1b34c53218285e89

    • SHA512

      b539c046a8579fd88e73037270d5415af97cae88e40cfb48da628267a56798ed9b7d1156726cf73cc5ff0a3d2b62cf11f7900684eaadf3570f5c2bf3eb22f520

    • SSDEEP

      24576:ffmMv6Ckr7Mny5QL1B1gBkW1WZ89qelSZjUxf9:f3v+7/5QL6XN9ewD

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks