General

  • Target

    e51d2899706d1fc7b2ceb507d49ffd09be932c79e99b0c820eaabe6b39b980c5

  • Size

    949KB

  • Sample

    241218-sn5mfsvjdk

  • MD5

    daa9839e2d085683d0a9f98bf1a485cf

  • SHA1

    62a0fd15177c5b8123a05be32fd1427e8cf2bbb3

  • SHA256

    e51d2899706d1fc7b2ceb507d49ffd09be932c79e99b0c820eaabe6b39b980c5

  • SHA512

    b2a5e944d367711f44d8c8b2035d30950475631b5e62ad9a4e46910fe50fb23a23f18fa1ab6eee11959b9e801b7ab40a8ae148ac015f01ed0c1a1dfd029b858d

  • SSDEEP

    24576:uRmJkcoQricOIQxiZY1iaCvqoG0Q+98vd5PG:7JZoQrbTFZY1iaCvs05KjPG

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks