General

  • Target

    05ECF7A1DE9BB28235133CDB0BCC58BBCE255D2500E74E429F36DB446B4DB6CF

  • Size

    938KB

  • Sample

    250103-jnqzmaxpak

  • MD5

    3bd2c3c963ade6a3af98de3ed40911ed

  • SHA1

    fc62e68738f6688f01a868bd38768baf114fab3e

  • SHA256

    05ecf7a1de9bb28235133cdb0bcc58bbce255d2500e74e429f36db446b4db6cf

  • SHA512

    534072ea9c51b7c4c39a7818cc39fda880d9f8cb78eca609daaf0eaea64fc95cadd2d5987a9491d2673f30713f1ea324d97c51a24c4dcfda5a076969c370385f

  • SSDEEP

    24576:URmJkcoQricOIQxiZY1iaZ76AIwpHQC46AqJVe0:xJZoQrbTFZY1iaZ76apHJh9JVd

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks