Overview

overview

10

Static

static

5

36a9a5ac31...50.exe

windows7-x64

10

36a9a5ac31...50.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    36a9a5ac318455e2df6ee45c1f57435c090919d4204c073a752edec8929df050

  • Size

    1.4MB

  • Sample

    250126-bfz9bsyjej

  • MD5

    28b06e877f701a657210f71d96f5215a

  • SHA1

    37e31c0eb93d9c6cbb9c50df3b95a2c2e8a27e55

  • SHA256

    36a9a5ac318455e2df6ee45c1f57435c090919d4204c073a752edec8929df050

  • SHA512

    a8f957e35a39f5dbdf524c68760c24b068be6d78b2d22ec0bdfb82f7cb122f723a9a2c7b5dd5505449cd0426551660264403ec441fa78be92de2e1a1168ae0c6

  • SSDEEP

    24576:0tb20pkaCqT5TBWgNjVYVt5FbuBwt4clGC1FrHV6A:dVg5tjVYVRiB+Gc15

Score
10/10
agenttesladiscoverykeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     ftp
  • Host:
    ftp://ftp.stingatoareincendii.ro
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    3.*RYhlG)lkA

Targets

    • Target

      36a9a5ac318455e2df6ee45c1f57435c090919d4204c073a752edec8929df050

    • Size

      1.4MB

    • MD5

      28b06e877f701a657210f71d96f5215a

    • SHA1

      37e31c0eb93d9c6cbb9c50df3b95a2c2e8a27e55

    • SHA256

      36a9a5ac318455e2df6ee45c1f57435c090919d4204c073a752edec8929df050

    • SHA512

      a8f957e35a39f5dbdf524c68760c24b068be6d78b2d22ec0bdfb82f7cb122f723a9a2c7b5dd5505449cd0426551660264403ec441fa78be92de2e1a1168ae0c6

    • SSDEEP

      24576:0tb20pkaCqT5TBWgNjVYVt5FbuBwt4clGC1FrHV6A:dVg5tjVYVRiB+Gc15

    Score
    10/10
    agenttesladiscoverykeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Agenttesla family

      agenttesla

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks