General

  • Target

    7ca5ae708a538810d5dd0e35ae5c4b7da7af807e288762ba9a6bd16bc1e37849

  • Size

    1.3MB

  • Sample

    241017-bekggsxarq

  • MD5

    af2b5227e4d6d11ea8e146fa7ed70c4b

  • SHA1

    24458b9f9e70bf4e0fd66ecdec89bc9da5f4b5f7

  • SHA256

    7ca5ae708a538810d5dd0e35ae5c4b7da7af807e288762ba9a6bd16bc1e37849

  • SHA512

    a4192017f058aa57be1c35d0e9c8ead703b8f3d5ae384a2d83b07633a7a777d38933f89c1b1c5c0c4d4d3cc160204c04bbf3f1a657ac86a0ba86fe113a517fce

  • SSDEEP

    24576:+Cdxte/80jYLT3U1jfsWa1jBAkaldG9fXZau24GoQ:Xw80cTsjkWa1jC+Mu6

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.solucionesmexico.mx
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    dGG^ZYIxX5!B

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks