General

  • Target: PO#7A68D24.pdf.exe
  • Size: 708KB
  • Sample: 240427-xp8sqaee23
  • MD5: 946a0735432aca25fa370970e97a3dbb
  • SHA1: 9ffac6be378c7379a8ea11a5a439445a46f6bb5c
  • SHA256: 7628ace4f2627bc65377a8123ce9e05849e4e4b3fd5b862e03ffcee42274ccfb
  • SHA512: 9a54f14e47637dd6001ec2426111af5cbf18d96ef2d1fc320d15ba86722d7a445029354e91d82b58617180e141f207245ffb0c15b46fdb89253333c85c77f461
  • SSDEEP: 12288:PWYIPXjxannnHg2r+Eu1ed8MBqIg5B+gZ9r/XIc/P/EtnOG96TchIf6+Xn7M:PWYIPFannnHg2r1uc3Bqr5QgZl/PAOGb

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: mail.nationalkham.com
  • Port: 587
  • Username: sales@nationalkham.com
  • Password: kham1234
  • Email To: newmankint@yandex.com

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks