General

  • Target

    GHT0839W9-BNK89W9W989W0-KLAWUDIDU.tar

  • Size

    715KB

  • Sample

    241129-najqlsskgv

  • MD5

    af3146044fadbfad19cf6cae19c5215f

  • SHA1

    d690916895132bd996f5f26fc3740423ab10425c

  • SHA256

    7d07daae52409689e16158ea788904761298b7c66f1bf722431199e59077871b

  • SHA512

    a3a5c1b9fbfe3c392698c6d70cc696d124cacb84a4afbf295bd2c585c8574ab2092ae047932957e8e630acde2d3d975b77ab52120e0d02ce8b2588e324d3908f

  • SSDEEP

    12288:aQxYkN4rHWYwZBmmBpknk1tB9RPqI874VcltvLGjzV8M58Wlg:aqN46Ykpkkff87zltyjzeMOWlg

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      GHT0839W9-BNK89W9W989W0-KLAWUDIDU.js

    • Size

      1.4MB

    • MD5

      b670581786ae5f1c0a854e3b5b16074a

    • SHA1

      8acdcbccce34174a7931cd68e849fc241f56a4b2

    • SHA256

      9fb04bc8fa717198d88cb3b26ee76bddd2f5cfb61dbb0ec33b90660628e424a1

    • SHA512

      0c14608e0842433dc4b0ab02bb15eaefdd75d38f27007b7cbe7b7034712309bd0a19296cd4afdbee05307cbd0ba6fb1d1715cb472b7996907b8840a6a044f995

    • SSDEEP

      24576:PaVFa3H5CC/a/sqC40mMEirEISpShQrmmpMJ4zV:y6H1B40V1u5zV
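The two hash sets above (the .tar archive and the .js it carries) are the indicators a responder would sweep mail gateways or endpoints for. The following is an added example, not part of the report or of the sandbox's own tooling: it streams a file once through all four digest algorithms listed on the page and matches the result against the report's hashes. Only hashlib is used; the sample input is a constructed byte string, and the "constructed-sample" IOC entry exists only to exercise the match path. SSDEEP is deliberately left out since it needs a third-party library; the exact digests are the ones worth pivoting on, and SHA-256/SHA-512 are the ones to trust, because MD5 and SHA-1 are collision-prone.

```python
import hashlib
import io

# Exact digests copied from the report above (tar archive and dropped .js).
REPORT_IOCS = {
    "GHT0839W9-BNK89W9W989W0-KLAWUDIDU.tar": {
        "md5": "af3146044fadbfad19cf6cae19c5215f",
        "sha1": "d690916895132bd996f5f26fc3740423ab10425c",
        "sha256": "7d07daae52409689e16158ea788904761298b7c66f1bf722431199e59077871b",
        "sha512": "a3a5c1b9fbfe3c392698c6d70cc696d124cacb84a4afbf295bd2c585c8574ab2"
                  "092ae047932957e8e630acde2d3d975b77ab52120e0d02ce8b2588e324d3908f",
    },
    "GHT0839W9-BNK89W9W989W0-KLAWUDIDU.js": {
        "md5": "b670581786ae5f1c0a854e3b5b16074a",
        "sha1": "8acdcbccce34174a7931cd68e849fc241f56a4b2",
        "sha256": "9fb04bc8fa717198d88cb3b26ee76bddd2f5cfb61dbb0ec33b90660628e424a1",
        "sha512": "0c14608e0842433dc4b0ab02bb15eaefdd75d38f27007b7cbe7b7034712309bd"
                  "0a19296cd4afdbee05307cbd0ba6fb1d1715cb472b7996907b8840a6a044f995",
    },
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(fp, chunk_size=1 << 16):
    """Read a binary stream once and return {algo: hexdigest} for all ALGOS.

    Hashing in chunks keeps memory flat for large archives and avoids
    reading the file four times (once per algorithm).
    """
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    for chunk in iter(lambda: fp.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_iocs(digests, iocs=REPORT_IOCS):
    """Return (artifact_name, algorithm) pairs whose known hash equals the file's.

    Comparison is case-insensitive on the hex string so hashes pasted from
    other reports (often upper-case) still match.
    """
    matches = []
    for name, known in iocs.items():
        for algo, value in known.items():
            if digests.get(algo) == value.lower():
                matches.append((name, algo))
    return matches


def check_file(path, iocs=REPORT_IOCS):
    """Hash a file on disk and report which report artifacts it matches."""
    with open(path, "rb") as fp:
        digests = digest_stream(fp)
    return digests, match_iocs(digests, iocs)


if __name__ == "__main__":
    # Constructed sample bytes: stands in for a file pulled from a mail gateway.
    sample = io.BytesIO(b"abc")
    digests = digest_stream(sample)
    print("sha256:", digests["sha256"])
    print("report matches:", match_iocs(digests))
```

Note that any single algorithm match is reported; when triaging at scale, treat an MD5-only hit with a differing SHA-256 as a mismatch, not a match.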

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (Visual Basic .NET).

    • Agenttesla family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check to avoid running in certain regions.

    • Executes dropped EXE

    • AutoIT Executable

      AutoIt scripts compiled into PE executables (the AutoIt interpreter with the script embedded).

    • Suspicious use of SetThreadContext

      Rewriting a suspended thread's context (its entry point) is the final step of process hollowing before the thread is resumed.
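The signatures above describe two behaviours worth turning into detection logic: the process-hollowing chain behind "Suspicious use of SetThreadContext" (a child created suspended, its memory overwritten, its thread context redirected, then resumed) and the registry read behind "Checks computer location settings". The following is an added example, not the sandbox's own rule engine: it parses a constructed API trace (the "<pid> <api> key=value" format is invented for this illustration) and flags both patterns. The registry path and the image name in the trace are assumptions for the sample, not values taken from this report.

```python
import re

# Constructed trace lines for illustration: "<pid> <api> key=value ...".
# Values containing spaces are double-quoted.
SAMPLE_TRACE = r"""
4120 CreateProcessW image="C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" flags=0x4 new_pid=4488
4120 NtUnmapViewOfSection pid=4488
4120 VirtualAllocEx pid=4488 size=0x2a000 protect=0x40
4120 WriteProcessMemory pid=4488 size=0x2a000
4120 SetThreadContext pid=4488 tid=4492
4120 ResumeThread pid=4488 tid=4492
4488 RegQueryValueExW key="HKCU\Control Panel\International\Geo\Nation"
4488 RegQueryValueExW key="HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
"""

CREATE_SUSPENDED = 0x4                       # dwCreationFlags bit
LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
GEO_MARKER = r"control panel\international\geo"   # assumed geofence key path


def parse_trace(text):
    """Turn trace text into (caller_pid, api_name, {arg: value}) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        args = {}
        for kv in KV_RE.finditer(m.group("rest")):
            args[kv.group(1)] = kv.group(2) if kv.group(2) is not None else kv.group(3)
        events.append((int(m.group("pid")), m.group("api"), args))
    return events


def detect_hollowing(events):
    """Return child PIDs where the full hollowing chain completed.

    Chain: CreateProcess* with CREATE_SUSPENDED -> WriteProcessMemory ->
    SetThreadContext -> ResumeThread, all by the same parent on the same
    child. Requiring the whole chain keeps benign debuggers (which also
    call SetThreadContext) from firing on the single API alone.
    """
    stage = {}          # (parent_pid, child_pid) -> last stage reached
    hits = []
    for pid, api, args in events:
        if api.startswith("CreateProcess") and "new_pid" in args:
            if int(args.get("flags", "0"), 16) & CREATE_SUSPENDED:
                stage[(pid, int(args["new_pid"]))] = "suspended"
            continue
        if "pid" not in args:
            continue
        key = (pid, int(args["pid"]))
        current = stage.get(key)
        if api == "WriteProcessMemory" and current == "suspended":
            stage[key] = "written"
        elif api == "SetThreadContext" and current == "written":
            stage[key] = "context"
        elif api == "ResumeThread" and current == "context":
            stage[key] = "resumed"
            hits.append(key[1])
    return hits


def detect_geofence(events):
    """Return (pid, key) for registry reads of the locale/geo key."""
    return [
        (pid, args["key"])
        for pid, api, args in events
        if api.startswith("RegQueryValue") and GEO_MARKER in args.get("key", "").lower()
    ]


if __name__ == "__main__":
    evs = parse_trace(SAMPLE_TRACE)
    print("hollowed children:", detect_hollowing(evs))
    print("geofence lookups:", detect_geofence(evs))
```

The chain check is ordered on purpose: SetThreadContext seen before a WriteProcessMemory into the same suspended child is not counted, and a child that is never resumed is reported as nothing, matching how the sandbox signature names the API but the analyst cares about the completed injection.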

MITRE ATT&CK Enterprise v15

Tasks