General

  • Target: c69e2f1e27fd31c0d1433e92b749fafe68e642b830611e4ed87f740bfb080f4c
  • Size: 560KB
  • Sample: 241213-bkyajavrbl
  • MD5: 18070d2b4f275b1465e291f31f8b6b02
  • SHA1: 090b69a4e1abf50e1e8fe8a2d9617bbb0dab789c
  • SHA256: c69e2f1e27fd31c0d1433e92b749fafe68e642b830611e4ed87f740bfb080f4c
  • SHA512: 29154198303dfd8f96cce40c5cbe1a51ab3d86f89d03bff324e9ec524efefa37c4aaab686f7fec8a34f9b3360008183df237aa05a70fc6f64868757170de65e2
  • SSDEEP: 12288:76pok0WiCsaMuz7FsEgVL1ayEPFTqGSFXW69c577j+AAIW:Np/CsgsvN8SPG7er

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target: PO4100688444 PDF.exe
    • Size: 1.0MB
    • MD5: 42095854acb2c20729e1afe08fa4fcad
    • SHA1: 823ebdbdd6e8f8c567ce7a19a89fbb9dcd7b1446
    • SHA256: 745104528d7478543fa629ff40dad531dd09fc4e95de5ed97c94893e90fd2c77
    • SHA512: 9a4a045d5eab89338fbf0e8305af7975c8c2d2defe53dff8c236520397818e1111be36066c70866fa1bfb5f1439698c254b83fa88eff4ec0c4b8ab25eefbbfe7
    • SSDEEP: 24576:au6J33O0c+JY5UZ+XC0kGso6Fag9z8vf2BpIWY:su0c++OCvkGs9FagR8vfEhY

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks