General

  • Target: 472b8c7c8c2c2c19b69ced755ed0b11b756714acea69cf2651f77e58d2eb1142.rar
  • Size: 1.1MB
  • Sample: 250114-cy5gfatqbv
  • MD5: 6fdf33a1f6b59137300429b75dfdc13d
  • SHA1: f5990936a89ff6200cc0ef30024f6bf40be312f2
  • SHA256: 472b8c7c8c2c2c19b69ced755ed0b11b756714acea69cf2651f77e58d2eb1142
  • SHA512: 52a9c17095ba94ff882c65f0163bc22e5cc82c0d2e08bfeb114dd7384c2c9f39c3694dfe24b767893cc209535f73ab98a686e2a48467ec3d2978a235657f7b34
  • SSDEEP: 24576:CU+mUHcU4jV2a7IaPSTxfwpvP+tjMs3lXpcVUbxuOZJYTIsjNyT5+8hkmt41SDO1:L+hcU4jsa7IaPUtwpv2tjMs15cVcuOzg

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target: invnoIL438805.exe
    • Size: 1.3MB
    • MD5: 253aa736dcd90caa801ba4aad9f0b7ce
    • SHA1: 2545298c281e583269f7b24d2c20b9f176056fda
    • SHA256: 3b593da5f678af89946aebb762ab465c627a4dea6942b1a134a22536fb9ec7b6
    • SHA512: 204c654b51ac3f6e921648c755e8e20b7eb26066d0ff012d4fb9d974cfcaa0e2380c2aa8785ac578c88d41bee9780d77fe19b36a388ec9ad591702137f4386f4
    • SSDEEP: 24576:uJc06N6kTdOUmt9HbygoY8VB5Lc4DYWktF1pGlwgUd0z+A:umoBl7oY8zVc4sWC1wl/UdvA

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks