General

  • Target

    20819100689.zip

  • Size

    1.2MB

  • Sample

    250120-jrqg9szkcr

  • MD5

    fe9e06b1463e2f8d7c5ecf86e8ffa7c9

  • SHA1

    cc25e95d0fc0066ed162180e0597a55e1b815f85

  • SHA256

    cf20ae1b9b308c8cc087d6f337e83178ba410d9d313974bdbf8b7c9afe5848d7

  • SHA512

    346a032ca08d2fd760e79c0890713021eee27f18a671632dc8cd79164644886a8d9664c8cf6f73860547ce019a8813a950a4ddd1be4ad3b0dfe45afc9c78c66e

  • SSDEEP

    24576:xhTPhuTW7XCCT6AvCh/X8GhC/i84OySHRX9oIuxhNJsqjpUbbyDzTo7:xh7hv7XCI6AvyVY68nX9mVszbbyD0

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      F25-Try on pdf.exe

    • Size

      1.3MB

    • MD5

      dbd54a222b7f9aa1abbf19a840421ab7

    • SHA1

      8555ea63be366d4104ea299223eab6155f7fa107

    • SHA256

      b31b08dbbbccb893273b1cd7a9f21228eea7dbda46a2723ce34542f641eb6a46

    • SHA512

      c22bfc1dcdd3d59d7181a3306a897c031a2cf76f9a856f9366ed47f99974b2fb06f957efcd90d3b1c355c989d7d16093635578adf7f4da26a6d923df444aff20

    • SSDEEP

      24576:WXZiqgJiqzPiWXSRy45jKatSOwdLyroxNz71qE:WQqg8wiWXKaatsbX0E

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks