General

  • Target

    0c83f48a349a21c575b8457d21b3fed69c03b0ca7a3855534807a164400d53fd

  • Size

    1.2MB

  • Sample

    250117-bzndwaymbm

  • MD5

    df330c1a316a8f7a80e7f63a601f5e5f

  • SHA1

    111139e94197aa11c834024ecbf2193ad866631e

  • SHA256

    0c83f48a349a21c575b8457d21b3fed69c03b0ca7a3855534807a164400d53fd

  • SHA512

    c2f7e03e13dec09a3ca3186482489e0e38d6133152c3213404108e40158dadedea21ff7ffc3086b932f9f3a44874aa6767caf8efbb826de13fbf9d75eb19859f

  • SSDEEP

    24576:TufRcwGQbHXSswX7NMVkX6vIAnPufodJ90gjhj50:YRcw5msUNM+KdPuAdJ9BJe

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Please check the Accounts Payable Scheduled Payments.exe

    • Size

      1.5MB

    • MD5

      21d9c1bf04fd946614d98c58efc01dbb

    • SHA1

      12ae81224a1999ab8bd40566d8ba90fc66e935c3

    • SHA256

      210175f5bafe15433fd3acb88b589dbafffda668fe4a85621b45b9433b598e73

    • SHA512

      bfdefcd2a6d502ac2011a9a8141ede98bf4d93135669f16f0130677048d218ee9f2fbf2c8f058a5d6e27c79f2dda3b916c2b94ffe84e79d6d3235364588ea1e5

    • SSDEEP

      24576:+rPoD1Iahvwt91g7k+PDRpneYdT4/pQpI5HjbxkZHhRXZvwpOi9JeRs/7TYUH:MP9ahvE87kw1xi/pF53xk7lwp19JsCNH

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks