General

  • Target

    PO_9876563647-FLOWTRONIX (FT)UUE.exe

  • Size

    525KB

  • Sample

    241001-f5z23sxalf

  • MD5

    0fd28ed18e522b9eef69b57aa8bdbf8f

  • SHA1

    5eba649f7e0cead07e1788973b9deae4c54e7a46

  • SHA256

    3996fdec3ceac6027730777ec99f6870a9c76e3904a1d2c78cef954a7484090e

  • SHA512

    35c1798d1088999a2c605134525fc6d17bcbf5c9f25910c295992f9fa599965a857505f0570614b62de65cd9a24525636f6144d20f014e2e661df781c45b90d9

  • SSDEEP

    12288:zjEd+1wfcT78ZE9mBMnliO+CDbX1AlVtFtu6B:zjEdRfcT78ZE9munli/CDbXulDHu6B

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.alternatifplastik.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Fineboy777@

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15