General

  • Target

    INVOICE_PRF.pdf.arj

  • Size

    332KB

  • Sample

    210226-wt9cytnvpe

  • MD5

    a1e62631795cfdf95b0aab1a6af0af19

  • SHA1

    f80f7dd56debbd5beb833f3930da290a353fa2ab

  • SHA256

    f0304864c3f040b029eec2e7a3d4a973a2a859feb9ed845775b2abbd4d838575

  • SHA512

    6f9087c66f9bb01d06ff674963cfd9e1bd7914dd684b5168958340171125dff123d96fc8a2b7ea58debdb2da4389a4d68782cba9243b59c0ba15ea49ff326633

Malware Config

Targets

    • Target

      INVOICE_PRFpdf.exe

    • Size

      345KB

    • MD5

      12cdd8a86151dcd9ef7a7600e4cd27fb

    • SHA1

      17d46476e72d92bfd0d002f312fd18dc2c164667

    • SHA256

      95c008fdb0ff81d4b148fac86341f08e5ee8dc036b4f4a1a6d4140c98ae2a136

    • SHA512

      5447b2d3b2958eff3b168e08e42856c5cd5015aa7c3e370d31353f5f578c8c663b2553ded992915b3879a5e6f90c4ffdce677c9927d731520b9e97d38030e19c

    • AgentTesla

      Agent Tesla is an information stealer and remote access tool (RAT) written in Visual Basic .NET. It harvests stored credentials from browsers, email clients and FTP clients, which matches the file-access behaviour listed below.

    • AgentTesla Payload

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store account settings and saved credentials on disk, which infostealers commonly target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Suspicious use of SetThreadContext

      Typical of process hollowing: a child process is started suspended, its image is overwritten in memory, and the main thread's context is rewritten to the new entry point before the thread is resumed.
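The signatures above are behavioural: each one is a rule over the API calls and file paths a sandbox records. The following is an added example (not tria.ge's detection engine and not code from the sample) showing how such rules can be expressed and run over a constructed API-call trace. Every path, PID and API name in the trace is made up for illustration; the rule patterns use well-known default locations for FileZilla, Chrome, Firefox and Thunderbird profile data.

```python
"""Rule logic for the behavioural signatures listed in the report, run over a
constructed sandbox-style API trace. Example code added for illustration."""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit for CreateProcess

# Constructed trace: (pid, api, args). PIDs and paths are hypothetical.
TRACE = [
    (1204, "CreateProcessW", {"image": r"C:\Users\u\INVOICE_PRFpdf.exe",
                              "flags": CREATE_SUSPENDED, "child_pid": 3320}),
    (1204, "NtUnmapViewOfSection", {"target_pid": 3320}),
    (1204, "WriteProcessMemory", {"target_pid": 3320}),
    (1204, "SetThreadContext", {"target_pid": 3320}),
    (1204, "ResumeThread", {"target_pid": 3320}),
    (3320, "NtCreateFile", {"path": r"C:\Users\u\AppData\Roaming\FileZilla\recentservers.xml"}),
    (3320, "NtCreateFile", {"path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"}),
    (3320, "NtCreateFile", {"path": r"C:\Users\u\AppData\Roaming\Thunderbird\Profiles\abc.default\logins.json"}),
    (3320, "NtCreateFile", {"path": r"C:\Users\u\Documents\notes.txt"}),  # benign, must not fire
]

# Path-based rules: signature name -> regexes on the opened path.
FILE_RULES = {
    "Reads data files stored by FTP clients": [
        r"\\FileZilla\\(recentservers|sitemanager)\.xml$",
        r"\\WinSCP\.ini$",
    ],
    "Reads user/profile data of web browsers": [
        r"\\Google\\Chrome\\User Data\\.*\\Login Data$",
        r"\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key[34]\.db)$",
    ],
    "Reads user/profile data of local email clients": [
        r"\\Thunderbird\\Profiles\\.*\\(logins\.json|key[34]\.db)$",
        r"\\Microsoft\\Outlook\\.*\.pst$",
    ],
}


def match_file_rules(trace):
    """Return {signature: set(paths)} for every file-open that hits a rule."""
    hits = defaultdict(set)
    for _pid, api, args in trace:
        path = args.get("path")
        if api not in ("NtCreateFile", "NtOpenFile") or not path:
            continue
        for name, patterns in FILE_RULES.items():
            if any(re.search(p, path, re.IGNORECASE) for p in patterns):
                hits[name].add(path)
    return dict(hits)


def suspicious_set_thread_context(trace):
    """Fire only for the hollowing sequence: a process creates a child
    suspended, writes into it, then calls SetThreadContext on it.
    A SetThreadContext call on its own (debuggers, some runtimes) is not enough."""
    suspended = defaultdict(set)  # creator pid -> child pids created suspended
    written = defaultdict(set)    # creator pid -> suspended children written to
    alerts = set()
    for pid, api, args in trace:
        target = args.get("target_pid")
        if api == "CreateProcessW" and args.get("flags", 0) & CREATE_SUSPENDED:
            suspended[pid].add(args["child_pid"])
        elif api == "WriteProcessMemory" and target in suspended[pid]:
            written[pid].add(target)
        elif api == "SetThreadContext" and target in written[pid]:
            alerts.add(f"{pid}->{target}")
    return alerts


def evaluate(trace):
    """Combine all rules into one {signature: evidence} report."""
    report = match_file_rules(trace)
    hollow = suspicious_set_thread_context(trace)
    if hollow:
        report["Suspicious use of SetThreadContext"] = hollow
    return report


if __name__ == "__main__":
    for sig, evidence in evaluate(TRACE).items():
        print(sig)
        for item in sorted(evidence):
            print("   ", item)
```

The ordering check in suspicious_set_thread_context is what keeps the rule from firing on legitimate SetThreadContext callers: the call only counts when the same process has already created that target suspended and written into it, which is the sequence the signature above describes.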

MITRE ATT&CK Enterprise v6

Tasks