General

  • Target

    a848e5d8d3a080b81556f4f7ec1fe1103610bf7bbb023065bf2e6696abaf6769

  • Size

    1.1MB

  • Sample

    241123-cccvas1lbr

  • MD5

    1ca01a88b80112024883e55a27b1345a

  • SHA1

    3fdcd8cd1ff882b9c76dd93f680bb7f60fc97c7d

  • SHA256

    a848e5d8d3a080b81556f4f7ec1fe1103610bf7bbb023065bf2e6696abaf6769

  • SHA512

    9f978fe421c5217bccf787df0a105f584cd945be1f43e77f1971d688becaa9682a01acf7585b6bcaf4111103835dbcaa2caef59ccd393a16360cedebfb891125

  • SSDEEP

    24576:Xtb20pkaCqT5TBWgNQ7aaGNhHYefDINn9Zr3qH6A:UVg5tQ7aaaHYaEN9K5

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks