General

  • Target

    003837828.exe

  • Size

    1.4MB

  • Sample

    200624-lez77jz6ae

  • MD5

    88c4d1dc3561ecc79ce1805006a46a03

  • SHA1

    c7a4c9e513e22e9dcae05f5e25ccf3b96fb613b3

  • SHA256

    a4ae21742866df21e5b94b11a9384eb72393c38a8d49fc9fa786298b3a406710

  • SHA512

    c29dd21db6789c4de1132b6605be35f4e796cb0aa16cf0f8d7383f0eba49b55decf7cbf516b83b476724fde271a1617f4328cfbea7919acadb7f770cf3a0e432

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.seagull.com.pk
  • Port:
    587
  • Username:
    seagull@seagull.com.pk
  • Password:
    SyeD@1969

Targets

    • Target

      003837828.exe

    • Size

      1.4MB

    • MD5

      88c4d1dc3561ecc79ce1805006a46a03

    • SHA1

      c7a4c9e513e22e9dcae05f5e25ccf3b96fb613b3

    • SHA256

      a4ae21742866df21e5b94b11a9384eb72393c38a8d49fc9fa786298b3a406710

    • SHA512

      c29dd21db6789c4de1132b6605be35f4e796cb0aa16cf0f8d7383f0eba49b55decf7cbf516b83b476724fde271a1617f4328cfbea7919acadb7f770cf3a0e432

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Drops file in Drivers directory

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks