Overview

overview

10

Static

static

3

eda66fd0e1...8f.exe

windows7-x64

1

eda66fd0e1...8f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eda66fd0e1f4c8f0cdda206c461373ec760cc02eb0972c121cdf0ffc64702f8f.exe

  • Size

    368KB

  • Sample

    241129-evah1azrfj

  • MD5

    cfbfabd8e0b67d01a19458be6b945517

  • SHA1

    fa3d597f04aa2dd1e7f97c9b8f9c69a5411c6361

  • SHA256

    eda66fd0e1f4c8f0cdda206c461373ec760cc02eb0972c121cdf0ffc64702f8f

  • SHA512

    1927b7b6f8cc1bbe2dd786986c806e7b44574f859968bf0fd4046daf8ad4a4e1ce02ca5d511c2b48e3c5b3e838eeb4b0e5bd2ad9a27313eaae6d6011a675bb9a

  • SSDEEP

    384:ESKu2cP3nyEVPTHWKtL2H0VuM35zlQEew+yTzSf4JM54iICSCr4H444uiiiL1CjW:N3vnyAWkaHRQMwdz+4H4447iiL1o

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      eda66fd0e1f4c8f0cdda206c461373ec760cc02eb0972c121cdf0ffc64702f8f.exe

    • Size

      368KB

    • MD5

      cfbfabd8e0b67d01a19458be6b945517

    • SHA1

      fa3d597f04aa2dd1e7f97c9b8f9c69a5411c6361

    • SHA256

      eda66fd0e1f4c8f0cdda206c461373ec760cc02eb0972c121cdf0ffc64702f8f

    • SHA512

      1927b7b6f8cc1bbe2dd786986c806e7b44574f859968bf0fd4046daf8ad4a4e1ce02ca5d511c2b48e3c5b3e838eeb4b0e5bd2ad9a27313eaae6d6011a675bb9a

    • SSDEEP

      384:ESKu2cP3nyEVPTHWKtL2H0VuM35zlQEew+yTzSf4JM54iICSCr4H444uiiiL1CjW:N3vnyAWkaHRQMwdz+4H4447iiL1o

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Agenttesla family

      agenttesla

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks