General

  • Target

    25e9b6be86f93e88af33a71ad3d418a5b521a0aef9b46fc49ea0e83cd2cabd2f.exe

  • Size

    1.2MB

  • Sample

    241009-bnxheaxfrk

  • MD5

    08ebe78053da43b0656fc0855803b5ba

  • SHA1

    50579fdae44d8115d1895c57495c0716e419cf6f

  • SHA256

    25e9b6be86f93e88af33a71ad3d418a5b521a0aef9b46fc49ea0e83cd2cabd2f

  • SHA512

    ee25a9acd087e989adf97a72a9d971c7c865325e98f595cfd9f9dda6028aa249499c7896f6f202c39af7fbe23e9308d9d81bd051b257c51d8ac006a648d4b61f

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLd49UBTzfObMkc9bLdYerMwEl1Gj:f3v+7/5QLdv2wkc9fd7rMwMw

Malware Config

Targets

    • Target

      25e9b6be86f93e88af33a71ad3d418a5b521a0aef9b46fc49ea0e83cd2cabd2f.exe

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer that harvests credentials, keystrokes and clipboard contents; samples are typically compiled from Visual Basic .NET or C#.

    • Looks up external IP address via web service

      Contacts a legitimate public IP-lookup web service to learn the infected host's external IP address, which the stealer typically includes in its exfiltrated victim report. The destination host is a useful network indicator when the requesting process is not one that normally needs it.

    • Suspicious use of SetThreadContext

      Calls SetThreadContext on a thread of another process. This is the step in process hollowing where a child created suspended has its entry point redirected to injected code before the thread is resumed, so a CreateProcess(CREATE_SUSPENDED), WriteProcessMemory, SetThreadContext, ResumeThread sequence from the same parent is the pattern to look for.
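The two behaviours flagged above (the external-IP web lookup and the SetThreadContext call) are what a detection would key on in a sandbox API trace. The Python below is an added example, not this report's or the sandbox's own detection logic: it parses a constructed trace (the line format, field names such as `target_pid`, and the process IDs are assumptions) and flags both the process-hollowing call sequence and contacts to well-known public IP-lookup hosts.

```python
"""Added example, not the sandbox's own detection logic: scan a constructed API trace
for the two behaviours the report flags (IP-lookup web service, SetThreadContext)."""
import re

CREATE_SUSPENDED = 0x4                      # dwCreationFlags bit for CreateProcess
HOLLOWING_SEQUENCE = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")
# Well-known public IP-lookup services (real hostnames; extend as needed).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "ip-api.com",
    "icanhazip.com", "ifconfig.me", "ipinfo.io",
}

# Constructed trace (assumed format, not the sandbox's real export):
#   "<pid>\t<api>\t<key=value;...>"  -- handles are simplified to a target_pid field.
SAMPLE_TRACE = """\
1234\tCreateProcessW\tapplication=C:\\Windows\\System32\\svchost.exe;creation_flags=0x4;child_pid=5678
1234\tVirtualAllocEx\ttarget_pid=5678;address=0x400000;size=0x32000;protect=0x40
1234\tWriteProcessMemory\ttarget_pid=5678;address=0x400000;size=0x200
1234\tSetThreadContext\ttarget_pid=5678;thread=0x1a8;eip=0x412d60
1234\tResumeThread\ttarget_pid=5678;thread=0x1a8
5678\tInternetOpenUrlA\turl=http://api.ipify.org/
5678\tgetaddrinfo\thost=api.ipify.org
4242\tCreateProcessW\tapplication=C:\\Windows\\notepad.exe;creation_flags=0x0;child_pid=4300
4242\tgetaddrinfo\thost=www.example.com
"""


def parse_trace(text):
    """Turn the trace text into a list of {"pid", "api", "args"} dicts."""
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, argstr = line.split("\t", 2)
        args = dict(kv.split("=", 1) for kv in argstr.split(";") if kv)
        calls.append({"pid": int(pid), "api": api, "args": args})
    return calls


def detect_hollowing(calls):
    """Flag (parent, child) pairs where the parent spawned the child suspended and then,
    in order, wrote its memory, redirected a thread context and resumed it
    (process hollowing, ATT&CK T1055.012). Unrelated calls in between are ignored."""
    state = {}   # (parent_pid, child_pid) -> {"step": int, "eip": str | None}
    hits = []
    for call in calls:
        args = call["args"]
        if call["api"] == "CreateProcessW":
            if int(args.get("creation_flags", "0"), 16) & CREATE_SUSPENDED:
                state[(call["pid"], int(args["child_pid"]))] = {"step": 0, "eip": None}
            continue
        if "target_pid" not in args:
            continue
        key = (call["pid"], int(args["target_pid"]))
        st = state.get(key)
        if st is None or st["step"] >= len(HOLLOWING_SEQUENCE):
            continue
        if call["api"] == HOLLOWING_SEQUENCE[st["step"]]:
            st["step"] += 1
            if call["api"] == "SetThreadContext":
                st["eip"] = args.get("eip")          # new entry point of the hollowed child
            if st["step"] == len(HOLLOWING_SEQUENCE):
                hits.append({"parent": key[0], "child": key[1], "entry": st["eip"]})
    return hits


def detect_ip_lookup(calls):
    """Return {(pid, host)} for DNS or HTTP calls to known public IP-lookup services."""
    found = set()
    for call in calls:
        args = call["args"]
        host = args.get("host")
        if "url" in args:
            m = re.match(r"https?://([^/:]+)", args["url"])
            if m:
                host = m.group(1)
        if host and host.lower() in IP_LOOKUP_HOSTS:
            found.add((call["pid"], host.lower()))
    return found


if __name__ == "__main__":
    calls = parse_trace(SAMPLE_TRACE)
    for hit in detect_hollowing(calls):
        print(f"hollowing: pid {hit['parent']} -> pid {hit['child']}, new entry {hit['entry']}")
    for pid, host in sorted(detect_ip_lookup(calls)):
        print(f"ip lookup: pid {pid} contacted {host}")
```

The hollowing check deliberately requires the three calls in order against the same child that was created with CREATE_SUSPENDED, and ignores unrelated calls in between (the VirtualAllocEx in the constructed trace), so a benign debugger touching SetThreadContext on its own does not fire. In a real trace the target would be a handle rather than a PID, so a handle-to-PID map built from the CreateProcess/OpenProcess return values is needed first.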

MITRE ATT&CK Enterprise v15

Tasks