General

  • Target

    cc5e9d60a839f8247997611f02a9b5c420af23348f38e41a19418598affe026e

  • Size

    1.8MB

  • Sample

    241017-bslxgaxhmj

  • MD5

    7af1e690d7b280a7c2c98fa7a3958980

  • SHA1

    359bba749b5f37af3284c7141aa7cf96b52cb7ce

  • SHA256

    cc5e9d60a839f8247997611f02a9b5c420af23348f38e41a19418598affe026e

  • SHA512

    84b3e0b2d8d577fa343cab7afb3f78cbd7d75dc380fe5e55c5d4bd2aee21798a1aafb4c978f984e57e36b2f1540086f19ee5f431f491e99e9ff7002bbf5fca72

  • SSDEEP

    24576:zfmMv6Ckr7Mny5QLf54YXA7CDzfBBBC6zymkp0DwcU9YlMw:z3v+7/5QLfjXA76BB1XDC9K

Malware Config

Targets

    • Target

      doc00240160102024.exe

    • Size

      1.2MB

    • MD5

      d81ab6c2cb0115d3a880f63fab307815

    • SHA1

      bbbc611c795af3cbd62691df2be54466f0e7167b

    • SHA256

      1ac91534695ce502f642a4d21e772281dfef29bd555a315988e7a3a429a454ec

    • SHA512

      72d30f4fbc8057777563ca74a0665e3f03b8fbd2d34017b3295cef049efce21fa03082dbd1a3702ac9640dbc429e1a9b1b29ecbba71ead05ae1fdc381d563bb7

    • SSDEEP

      24576:ffmMv6Ckr7Mny5QLf54YXA7CDzfBBBC6zymkp0DwcU9YlMw2:f3v+7/5QLfjXA76BB1XDC9K+

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks