General

  • Target

    b1c62d80debeea31ee00cbe0b96f33c8bbdb9bee1913729e3e6c35ed122012a5.zip

  • Size

    182KB

  • Sample

    250228-d1ybksyyhx

  • MD5

    677d28fa7c97d5dedf04560533915671

  • SHA1

    ef745c52bcd78bb57901501221c9e20fc45d4b22

  • SHA256

    b1c62d80debeea31ee00cbe0b96f33c8bbdb9bee1913729e3e6c35ed122012a5

  • SHA512

    ce66437ebe0a0260e1060bdef73bb2e89269320a802b6d5382c8a36c6b4d18492d1c37d63199e48119faccd2bc35e7e4045aedd8cdb0acfa67fbc0eb93259160

  • SSDEEP

    3072:uPfTUHgBcUq/0BYdzEoj2jZ6B+KiCiuQUgi6F7aKVNerpNdJcVhJs9ED+N1fZwVC:LHg+lAoGZ6m5repN4VhaWD+NiDQbqdg

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Eaton PO-45150292964.com

    • Size

      517KB

    • MD5

      0f58a33e105581cba508d8b64292ab5b

    • SHA1

      4b609cb3ebb060e061910314628cbc4c97bc70cd

    • SHA256

      b0ecb10600765efc1d81716094fddcaeb964ac35c9140b466dbbf5d147b8c53f

    • SHA512

      2d70bc0fef5e21bf5b05deafa89420fec020eae6b304fd9a05da42fa29f721c1264f1a755d6558df7c5fc6adea9da9649d4d2ab7da07e5e2880c076e55d2d2ac

    • SSDEEP

      12288:34RU6GHsHHziiQA2g5Tm2zKjCi/Qz0G63KlcG:3FI5Kmi/Hl29

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks