General

  • Target: 322af4b2c8baa0a0f4b8827a6de154d96e5121f23842ac7c9c47c9b5ba83f1fa.zip
  • Size: 993KB
  • Sample: 250116-cx6ccayjfl
  • MD5: ca113dd05b699171f9388af184f9129b
  • SHA1: deece0caf3ec50d781fc6d2d03f6d395aa359995
  • SHA256: 322af4b2c8baa0a0f4b8827a6de154d96e5121f23842ac7c9c47c9b5ba83f1fa
  • SHA512: 89d2c80d838eec3039895377bc8f6daa94bbb0b52fe10704ae8a3a9f3eda9a52861efc32563c25d0c2b7f7be22c53030f46b27e0428fc9c5d319c8c1cf0ff66e
  • SSDEEP: 24576:qrGc9/bPsPq7g3HPA6N1NdgqWvpa1lkVrQCiqUaS+acK:qrG8/QiSHPA6HNZWzVrl7S+4

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target: new order.exe
    • Size: 1.4MB
    • MD5: 5bd43bca9f37dc01690005a956311211
    • SHA1: 6e3b46e9fa922cea0ed1d02389032a0600f0e4f6
    • SHA256: 3cd37c50b5c492be85099995d20dbeeaa806fd14794317fdea52fb515cda0ba7
    • SHA512: ba30e2315ddbd4f3760b315c0b69cb0a09d5bf50b6499ced4d64fb27f185c267d58aeeb50669bb5b335f505447a641b3f06d31f1c2a30d4e54f50ff85d560d21
    • SSDEEP: 24576:aqDEvCTbMWu7rQYlBQcBiT6rprG8aQswTAQNpRzgqyHta1lkVPQwOGyUyAc:aTvC/MTQYxsWR7aQVTAQXRjyNVPFByA

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks