General

  • Target

    B933729C4BB21F187EDC94A4EEC48071176DEEDC7360D0BF9C3C0904F1BE634B

  • Size

    1.2MB

  • Sample

    250103-jqhe9svmbz

  • MD5

    1cfe042a2242aef040dfeda306aeab81

  • SHA1

    7da28f7a2d2a6443c884918f38cf5be58a8ad917

  • SHA256

    b933729c4bb21f187edc94a4eec48071176deedc7360d0bf9c3c0904f1be634b

  • SHA512

    340d4f24aa9b442aa092d1058deea1a4193fb682334f341dfd9f189403f6a371d0cec8efde572ed1b5291966a4e16528f2efe4aef59aa869238e3f8322ddd194

  • SSDEEP

    24576:VqDEvCTbMWu7rQYlBQcBiT6rprG8aAfdbgBwfjKwdtOYq:VTvC/MTQYxsWR7aAf9MwdtO

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks