General

  • Target

    fbb6e9ab6636a25ce0f0a0827b01d38efa00956e58e308426c2c084f7d567327

  • Size

    110.0MB

  • Sample

    241009-mglccazbjr

  • MD5

    1edd06b9ba882a25f723bdd7e0b2d2a7

  • SHA1

    1c7bc047c710c67be6985e525a130cc4b2c8add1

  • SHA256

    fbb6e9ab6636a25ce0f0a0827b01d38efa00956e58e308426c2c084f7d567327

  • SHA512

    276a843bed87d9dfb4f224db676ccb96ef6c8ad56fda26e4a052e159b653feec0d99d1dcc7c19c063409912fc773a22559c6a1f48b8cc3fbb26678b404d0bb14

  • SSDEEP

    24576:DCdxte/80jYLT3U1jfsWa4sqIUnfTRjPwzy34L3Q:Kw80cTsjkWa4sbUf9jPwo4k

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.solucionesmexico.mx
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    dGG^ZYIxX5!B

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15