General

  • Target

    new order.exe

  • Size

    1.4MB

  • Sample

    250115-jcykbsxlam

  • MD5

    5bd43bca9f37dc01690005a956311211

  • SHA1

    6e3b46e9fa922cea0ed1d02389032a0600f0e4f6

  • SHA256

    3cd37c50b5c492be85099995d20dbeeaa806fd14794317fdea52fb515cda0ba7

  • SHA512

    ba30e2315ddbd4f3760b315c0b69cb0a09d5bf50b6499ced4d64fb27f185c267d58aeeb50669bb5b335f505447a641b3f06d31f1c2a30d4e54f50ff85d560d21

  • SSDEEP

    24576:aqDEvCTbMWu7rQYlBQcBiT6rprG8aQswTAQNpRzgqyHta1lkVPQwOGyUyAc:aTvC/MTQYxsWR7aQVTAQXRjyNVPFByA

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks