Overview

overview

10

Static

static

3

23642e49df...8c.exe

windows10-ltsc 2021-x64

10

Resubmissions

10-01-2025 01:38

250110-b2jhpsxmat 10

10-01-2025 01:33

250110-byjpasxlay 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    23642e49df2c9995118b5eb4b16a839a4ee293d923971c068d851f3beb15a98c

  • Size

    1.5MB

  • Sample

    250110-b2jhpsxmat

  • MD5

    c0b528f14bcbbbb8f4aed47f5def45ed

  • SHA1

    2da65e0d0dda6a3df6086ac5716c3749f7e01072

  • SHA256

    23642e49df2c9995118b5eb4b16a839a4ee293d923971c068d851f3beb15a98c

  • SHA512

    571c17cda484d8744cff5c03d7ad823da5c26c562c34e50fdaabdd68b7a18ca11332c71fdb00e56d247aac3d74609c0cee2773cb3f5d3ca827eeecb82237a71a

  • SSDEEP

    24576:/CtyWSC/ujRD2YELftSzrEwWvdSv1RIAhjLoamMiX4lNmZg0YxegPbUIDPP:/CLc3EAgwWFajLoyEkmZ9Y14

Score
10/10
agentteslacollectioncredential_accessdefense_evasiondiscoverykeyloggerspywarestealertrojanupx

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      23642e49df2c9995118b5eb4b16a839a4ee293d923971c068d851f3beb15a98c

    • Size

      1.5MB

    • MD5

      c0b528f14bcbbbb8f4aed47f5def45ed

    • SHA1

      2da65e0d0dda6a3df6086ac5716c3749f7e01072

    • SHA256

      23642e49df2c9995118b5eb4b16a839a4ee293d923971c068d851f3beb15a98c

    • SHA512

      571c17cda484d8744cff5c03d7ad823da5c26c562c34e50fdaabdd68b7a18ca11332c71fdb00e56d247aac3d74609c0cee2773cb3f5d3ca827eeecb82237a71a

    • SSDEEP

      24576:/CtyWSC/ujRD2YELftSzrEwWvdSv1RIAhjLoamMiX4lNmZg0YxegPbUIDPP:/CLc3EAgwWFajLoyEkmZ9Y14

    Score
    10/10
    agentteslacollectioncredential_accessdefense_evasiondiscoverykeyloggerspywarestealertrojanupx

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Agenttesla family

      agenttesla

    • AgentTesla payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks