General

  • Target: 87df3b09e4115797453ea4720d8f6e90e7eea1b8848d2af846688267f5d4ec48.rar
  • Size: 4KB
  • Sample: 241009-wmftgsvdqg
  • MD5: bf1c8c86165998637395a0a313e365ff
  • SHA1: 85d0e1cb4e73228bbfbfcd41325640fb4a5f9b05
  • SHA256: 87df3b09e4115797453ea4720d8f6e90e7eea1b8848d2af846688267f5d4ec48
  • SHA512: a91b327d182737003c7bfeb27159cb6cdea52a5e580159dc2168ff080e5a2077f70792e7f929882320048b6836ceecb47b35a64b78c24677db88c4056ce03edb
  • SSDEEP: 96:6gMSysO7pk7NBv9KqknOtRes+TTXNhXCrVkpEQ8Evzw24ugc:6PTX7ONp8OtRv+TTdRCWPpZH

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: ftp
  • Host: ftp://ftp.alternatifplastik.com
  • Port: 21
  • Username: [email protected]
  • Password: Fineboy777@

Targets

    • Target: Request for Quotation-8479203739-002-MMA Offshore Asia Pte. Ltd.exe
    • Size: 9KB
    • MD5: 578dd3a1f0f3bd74315a0ff6827bd041
    • SHA1: d380310401b85cfa62481b7401852fb54e37ab2f
    • SHA256: a9d3f36d598d2a49ebdb2e57abf37f02da9bb15227cc3d98f1ada8f008822f78
    • SHA512: f9e696e6a986e20083d6b2ac10ddd001cc1d69afec469a812953909797024347e03a7f80b64f8d3358f917b334d7360cbf59ed862faee4adf20d1e2eea16c66c
    • SSDEEP: 192:7NIt0gTQjecQfczbYv8SwpknnlEu7T56:JxGMecQEzxlpkn2a
    • AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks