General

  • Target

    1de2fa3a2ecc25fc9b28f0e4ba4156a89d2b536c04bafc7b83014a6c5dc9dfaf

  • Size

    1.1MB

  • Sample

    241116-zcaq9stcjd

  • MD5

    177433242c915815b6c13dc992a2e82b

  • SHA1

    4ef6d9a9b024d0e43dbb797e90234e768299296c

  • SHA256

    1de2fa3a2ecc25fc9b28f0e4ba4156a89d2b536c04bafc7b83014a6c5dc9dfaf

  • SHA512

    bc0b3b8367ad592f652ba21d8e87899daebc5bdad3ebeddf72331d6ce5269e9df8a6bf81fb409b49325a4648d6f71b087a1f1a45292d63e3185e98fc90c19fc1

  • SSDEEP

    24576:jtb20pkaCqT5TBWgNQ7aIdoXsVfcwhoyVKMQXH6A:gVg5tQ7aIachfhSH5

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
