General

  • Target

    bd083c422853ed2a6270fd7be75e3b7f95f128f1496546993c381ac4818f1e99

  • Size

    664KB

  • Sample

    241115-crpseaxbrm

  • MD5

    714087d1b35ace0de854e1eb81ae92ce

  • SHA1

    ba47c52886ad925ae91cf916c0ce5eb69ff34bbb

  • SHA256

    bd083c422853ed2a6270fd7be75e3b7f95f128f1496546993c381ac4818f1e99

  • SHA512

    f644c22a56adb3ec7c872356abc8a184faf62d195fb47e9c4f7353459e461459c2636a8bdf67ba139f23485fd0e3f9d2eb3528f296393ed57f067295cbe3f213

  • SSDEEP

    12288:1qLgI3y6USQNM8siYWZPtAtzDonREguDVUYQeCKfnosQE26uV7:oEwGNM8nYFtARE6ewsQE26uV7

Malware Config

Targets

    • Target

      ESTEEM ASTRO PARTICULARS.pdf.exe

    • Size

      1.1MB

    • MD5

      177433242c915815b6c13dc992a2e82b

    • SHA1

      4ef6d9a9b024d0e43dbb797e90234e768299296c

    • SHA256

      1de2fa3a2ecc25fc9b28f0e4ba4156a89d2b536c04bafc7b83014a6c5dc9dfaf

    • SHA512

      bc0b3b8367ad592f652ba21d8e87899daebc5bdad3ebeddf72331d6ce5269e9df8a6bf81fb409b49325a4648d6f71b087a1f1a45292d63e3185e98fc90c19fc1

    • SSDEEP

      24576:jtb20pkaCqT5TBWgNQ7aIdoXsVfcwhoyVKMQXH6A:gVg5tQ7aIachfhSH5

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks