General

  • Target

    E-Notification(Swift_Copy_000948736MTCB3827).rar

  • Size

    664KB

  • Sample

    250328-qlg29sykv4

  • MD5

    bb3cb823c748878d99ececd8eee08214

  • SHA1

    2732304e67ae686900889d6658780e2f0b34a113

  • SHA256

    28e099ec52e785c3730fc38d571548a80d07abd46f104f68302ba94cae189eaa

  • SHA512

    3abad8fac740196dc8250a41d6d651abdf2cd5df9bf2d64b9481a0b19872fb9079bf8f56ef1f85a747fb1bfa8e7bfe732a0c7d67c3f45afdc6dbcb6a26b06abc

  • SSDEEP

    12288:Simu1u8jORSb4vFx1UBzu9KJRFQKfkBScoLrzqfe6HrdHe5naB5DBdGBbE:T/u8CRSk7qBi9KrXOS8PHay2I

Malware Config

Targets

    • Target

      E-Notification(Swift_Copy_000948736MTCB3827).exe

    • Size

      1.1MB

    • MD5

      41d58997e17d288cdf4733313e23e81c

    • SHA1

      285f17ba04fdbcca6f18f8b61e8c794aa4ccabae

    • SHA256

      63c0e81868b4d1d5744152cb95cbe7bdaaa4bc2670037276de94d80e5b0539c5

    • SHA512

      7e46c84f4a09862472efec7d030fced7e2f6be2a6b4d9f2363837f44db7bb67285e1b5951c8c8053d9aa73edf952c254ca5e1479ea46d6010290624972d84c5a

    • SSDEEP

      24576:3u6J33O0c+JY5UZ+XC0kGso6FaUiuxpZPFa2bG6WY:Ru0c++OCvkGs9FaUiufu2OY

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIt scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks