General

  • Target

    15012025_1520_15012025_890147DOCU.7z

  • Size

    4KB

  • Sample

    250115-syqw2swrcw

  • MD5

    4759cbe5dc43bc86c2692e9499b389c0

  • SHA1

    68399a43cfc024edce70c8496f0b736ef02b718a

  • SHA256

    1e50c25c7e56abecb3c802c2cb4dbb0863b203ef5becd1232732b2ce53dcbfdc

  • SHA512

    8304cc2912a76b6f9ff10e54e3eb8da6bb65aa424ad71e8bfa5807a9db32dfda0a3c03198aa19ef7b07bf9e4062572ecb6752cfe5c1bec14b62fd771b48f201a

  • SSDEEP

    96:wHP+LOX3Sn7jngHiaC4RCBN+AhDHBF5tfYy1eNiEMJLMz4:hqSfngwv0KDHBJdeNBM5Mz4

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      0969686.vbe

    • Size

      11KB

    • MD5

      4565da69d82d3d17f33436b132261de7

    • SHA1

      5e124ae25d9ec64cc681546299e0fa2d4f4b50d4

    • SHA256

      e2604e06a1d397760f22a668b48821dc20f06a8c3a28d165b9c96569b0e88bbb

    • SHA512

      7390abe671d2ad1a430bfb69888cdcb7f6e9284cc9432338a5b1eddeb0624987b92a56009e50c283c46894256ca1ab43640cac3ecbf09bd4b69867cccb6f4329

    • SSDEEP

      192:YeHNd/sigyX/tr7b7RMAv0Evwfk5Pv4fX//CxHQ6V62nN4je5K:zHMiTFPXHvwfk5PvQiHQ6EGijT

    • AgentTesla

Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Blocklisted process makes network request

    • Checks computer location settings

Looks up the country code configured in the registry, likely for geofencing.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
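
The behaviour tags listed above are the kind a sandbox derives from raw telemetry: a registry read of the locale key, a request to a public IP-echo host, a file created under System32, and a SetThreadContext call aimed at another process. The script below is an added example, not the page's report logic or Triage's own rules; it runs a small set of such rules over constructed, hypothetical events (none are from the sample) and returns the tags that fire. The event schema, the list of IP-lookup hosts and the blocklist of script hosts and .NET utilities are assumptions chosen for illustration.

```python
"""Tag sandbox behaviours from process, registry, file, network and API events."""
import re

# Assumed lists: public IP-echo services and interpreter/.NET host processes whose
# outbound traffic is worth flagging. Both are illustrative, not a reference set.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
                   "ip-api.com", "ifconfig.me"}
BLOCKLISTED_IMAGES = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe",
                      "regsvcs.exe", "regasm.exe", "installutil.exe", "msbuild.exe"}

# HKCU\Control Panel\International\Geo\Nation holds the configured country code.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)

# Constructed telemetry in a hypothetical schema (type, pid, plus per-type fields).
EVENTS = [
    {"type": "process", "pid": 1412, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\victim\Downloads\0969686.vbe"'},
    {"type": "registry", "pid": 1412, "op": "QueryValue",
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry", "pid": 1412, "op": "QueryValue",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},  # benign, no tag
    {"type": "process", "pid": 2230, "parent": 1412,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"},
    {"type": "api", "pid": 1412, "call": "SetThreadContext", "target_pid": 2230},
    {"type": "network", "pid": 2230, "host": "api.ipify.org", "port": 443},
    {"type": "file", "pid": 1412, "op": "Create",
     "path": r"C:\Windows\System32\Tasks\Update"},
    {"type": "file", "pid": 1412, "op": "Create",
     "path": r"C:\Users\victim\AppData\Local\Temp\x.tmp"},  # outside System32, no tag
]


def image_name(path):
    """Basename of an image path, lower-cased for set membership tests."""
    return path.rsplit("\\", 1)[-1].lower()


def process_table(events):
    """Map pid -> image basename from the process-creation events seen so far."""
    return {e["pid"]: image_name(e["image"]) for e in events if e["type"] == "process"}


def tag_behaviours(events):
    """Return {tag: [matching events]} for the behaviours the rules recognise."""
    procs = process_table(events)
    tags = {}

    def hit(tag, ev):
        tags.setdefault(tag, []).append(ev)

    for ev in events:
        kind = ev["type"]
        if kind == "registry" and GEO_KEY_RE.search(ev["key"]):
            hit("Checks computer location settings", ev)
        elif kind == "network":
            if ev["host"].lower() in IP_LOOKUP_HOSTS:
                hit("Looks up external IP address via web service", ev)
            if procs.get(ev["pid"]) in BLOCKLISTED_IMAGES:
                hit("Blocklisted process makes network request", ev)
        elif kind == "file" and ev["op"] == "Create" and SYSTEM32_RE.match(ev["path"]):
            hit("Drops file in System32 directory", ev)
        elif (kind == "api" and ev["call"] == "SetThreadContext"
              and ev.get("target_pid") not in (None, ev["pid"])):
            # A thread context written into a different process is the classic
            # hollowing/injection pattern; same-process use is far more common.
            hit("Suspicious use of SetThreadContext", ev)
    return tags


if __name__ == "__main__":
    for tag, evs in sorted(tag_behaviours(EVENTS).items()):
        print(f"{tag}: {len(evs)} event(s), pids {sorted({e['pid'] for e in evs})}")
```

The blocklist rule only fires when the network event's pid resolves to a process-creation event, so the process table must be built before the scan; in a streaming deployment you would update it as process events arrive rather than pre-computing it.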

MITRE ATT&CK Enterprise v15

Tasks