Overview

overview

10

Static

static

5

wop.exe

windows7-x64

10

wop.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f26493c669736a4538ad779d207f79e9835ee0d99db010635aab7dea83cf27f0

  • Size

    799KB

  • Sample

    250128-bnhdgsska1

  • MD5

    fbc26f58a8d9fd810385d30f5e94372b

  • SHA1

    4cd63b4acfe9436f0232f0b1bfc6d933787c32ae

  • SHA256

    f26493c669736a4538ad779d207f79e9835ee0d99db010635aab7dea83cf27f0

  • SHA512

    ab1de7c1682ef29fb978fc8e9f3eccd2af66ecc37c0a18903b7b40a6e75389b3454e59a320ebb94e237654df315e18caa73a049e4a536f80ef6cfad053299dee

  • SSDEEP

    24576:gU+Q7KyXetrPaUtC8f2p/f5XvUC2WCrAbJcovly:gU196zC8faf5XvUC2bKJcoty

Score
10/10
agenttesladiscoverykeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     ftp
  • Host:
    ftp://ftp.jeepcommerce.rs
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Q6]7rLSD*gU2

Targets

    • Target

      wop.exe

    • Size

      1.1MB

    • MD5

      46d533ab288a9e21f6fa4cfce3b839e4

    • SHA1

      913ed512460df646950c709ff843fac53873dfeb

    • SHA256

      9df9ceb56b0bcabc853ea273dc9cbdc3b4d2431db1aaa61d227cc26c46e6ef69

    • SHA512

      0ec52858f65210889fe7cac645aaa7bddc56ba71055c7f2f2901ce56e695e54218bb35182011f2c85d1f667a7ea293e20f7fc81ffcf4054b2e6bf3740befd292

    • SSDEEP

      24576:uRmJkcoQricOIQxiZY1iaC1KOMMGId1gDWjBCAs2o:7JZoQrbTFZY1iaC1K7/ILHjBCZ

    Score
    10/10
    agenttesladiscoverykeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Agenttesla family

      agenttesla

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks