General

  • Target

    254a51f1b5d5d958f7ed85d26e5db795203a47db4b58f42f29c2470f8bafc2ca

  • Size

    1.5MB

  • Sample

    241116-bwktksxdlm

  • MD5

    0bcc6937dbb6c678d938f59c5c58af98

  • SHA1

    a4ff98544f063f10a1f2726bd5f2893ad1ef3dd7

  • SHA256

    254a51f1b5d5d958f7ed85d26e5db795203a47db4b58f42f29c2470f8bafc2ca

  • SHA512

    913a430a5e084f1f5d6c86f196594163584c48058d0c23d0dec3b77275154d04b59c2a6100f419dae31cf4a665e554e0e5d152164ea5becba1b2189809e674b1

  • SSDEEP

    24576:g5EmXFtKaL4/oFe5T9yyXYfP1ijXdaE6F+2jMporiw3JyNJya/T3xu/:gPVt/LZeJbInQRaEK+2BP3E3ya

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks