General

  • Target

    b1a56f47cdf859bd26b4d10bb04645d287d47995b192d3e357ae27d683c85599

  • Size

    839KB

  • Sample

    241017-bekggsxarp

  • MD5

    26b313b7305d42c072e58e81f389ce39

  • SHA1

    faa7e0d93ce3a8048fea2ab5a7d8954c59a5805d

  • SHA256

    b1a56f47cdf859bd26b4d10bb04645d287d47995b192d3e357ae27d683c85599

  • SHA512

    c4e661a8524fa7b71bc3efb7aa89f78265a9b9a1c11f9bf562a6c84fb0700b86f37ffb1426d57ef67ebb7af73078321697d40cfbadef6947b086aff6623f90bb

  • SSDEEP

    24576:UWKawg+K7zhmiPc92R8vkR5RqCK2AqC1MBqX3PZ:uawUXhIARqx2AqC8qXfZ

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.solucionesmexico.mx
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    dGG^ZYIxX5!B

Targets

    • Target

      ΕΠΙΒΕΒΑΙΩΣΗ ΤΗΣ ΠΑΡΑΓΓΕΛΙΑΣ.exe

    • Size

      1.3MB

    • MD5

      af2b5227e4d6d11ea8e146fa7ed70c4b

    • SHA1

      24458b9f9e70bf4e0fd66ecdec89bc9da5f4b5f7

    • SHA256

      7ca5ae708a538810d5dd0e35ae5c4b7da7af807e288762ba9a6bd16bc1e37849

    • SHA512

      a4192017f058aa57be1c35d0e9c8ead703b8f3d5ae384a2d83b07633a7a777d38933f89c1b1c5c0c4d4d3cc160204c04bbf3f1a657ac86a0ba86fe113a517fce

    • SSDEEP

      24576:+Cdxte/80jYLT3U1jfsWa1jBAkaldG9fXZau24GoQ:Xw80cTsjkWa1jC+Mu6

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks