General

  • Target

    21112024_0051_20112024_OC DDLP - 241119L2.gz

  • Size

    570KB

  • Sample

    241121-a7p21a1qhm

  • MD5

    08f9dbb6f861b7988c748516f574aebe

  • SHA1

    39c1fd5f0272f1327080261ab47129930ba4bfad

  • SHA256

    e1d5c93dde24991034b7096f86e2a6b6c3cbfe87e488cd483f3737c1720f60c8

  • SHA512

    586e2ce6b838f6ecadba842311527ae7899b205a0a8d1f55644bf3f7291c28348b8f9bcbf10f0a926c73223cdbef47038dbee8703058f49f3d44b8b2cbd2d29e

  • SSDEEP

    12288:TI33Lx+EHcq97UDWIrB4zSF+q+pZfXw9EoInx9GROrs:cd7Ua64f/rfhhxwT

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.stingatoareincendii.ro
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    3.*RYhlG)lkA

Targets

    • Target

      OC DDLP - 241119L2.exe

    • Size

      1.1MB

    • MD5

      f5dc589c2c40d43d597b546cec4ccd1e

    • SHA1

      e02782d0e048126105b3d869e624e96155182417

    • SHA256

      daf6d0bd4e74165f4c22aefe012b41aac283e2931790a5576f05966dd656a58e

    • SHA512

      12ce255b9858fc0d305c95cbe887b1dda89a880675f9b6107683fec1183c0f7bd83a006dcb55c21bef9a4c9087288cf583380afdbd3ff4d01b13a9b65939fc34

    • SSDEEP

      24576:rtb20pkaCqT5TBWgNQ7ad63fJTj5b0B6A:oVg5tQ7aY3fJ5bA5

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks