General

  • Target

    Purchase order.doc

  • Size

    69KB

  • Sample

    210316-exd4xy2rr6

  • MD5

    f0bbb85804a6759fe665b2482b6d083e

  • SHA1

    0eba1c2a8877c96b1cda52a11ab2066124663e19

  • SHA256

    d60076d9ebcd69f0403422ebb01bf2df5faa59ce3fe2596b76ba0868ec666549

  • SHA512

    cc0f3314ba4d01de4af012eac61033d686183b83b2ec6a674ff27248f72dbbe86f8f655460ec37385d6c3f6628f80928dcfaa0cbb135fa541b270b92b5591abf

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.privateemail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    ruben000
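The extracted configuration above is this sample's exfiltration channel: AgentTesla delivers harvested credentials by SMTP submission (port 587) through the listed mailbox, so the practical use of the block is detection and blocking, not the credentials themselves. The following Python is an added example and is not part of the Triage report: it pivots the exfil hostname through constructed Zeek dns.log records to the IPs it resolved to, flags conn.log connections to those IPs on port 587 (and any other direct SMTP submission from a host, which on a workstation segment is suspicious on its own), and matches a file's digests against the hashes listed under General. All log records, IP addresses and file contents are constructed for the example; only the hostname, port and hashes come from the report.

```python
import hashlib
import ipaddress

# IOCs copied from the report above: the AgentTesla exfil mail server and
# the sample's hashes.
EXFIL_HOST = "mail.privateemail.com"
EXFIL_PORT = 587
SAMPLE_HASHES = {
    "md5": "f0bbb85804a6759fe665b2482b6d083e",
    "sha1": "0eba1c2a8877c96b1cda52a11ab2066124663e19",
    "sha256": "d60076d9ebcd69f0403422ebb01bf2df5faa59ce3fe2596b76ba0868ec666549",
}

# Constructed Zeek dns.log / conn.log records (JSON output format, as dicts).
# IPs and timestamps are made up for this example; only the hostname and
# port come from the report.
DNS_LOG = [
    {"ts": 1615906001.0, "id.orig_h": "10.0.0.21",
     "query": "mail.privateemail.com", "answers": ["198.51.100.7"]},
    {"ts": 1615906002.0, "id.orig_h": "10.0.0.22",
     "query": "www.example.com", "answers": ["203.0.113.5"]},
    {"ts": 1615906002.5, "id.orig_h": "10.0.0.23",
     "query": "mail.privateemail.com", "answers": ["mx.example.net", "198.51.100.8"]},
]
CONN_LOG = [
    {"ts": 1615906003.0, "id.orig_h": "10.0.0.21", "id.resp_h": "198.51.100.7",
     "id.resp_p": 587, "proto": "tcp", "service": "smtp"},
    {"ts": 1615906004.0, "id.orig_h": "10.0.0.22", "id.resp_h": "203.0.113.5",
     "id.resp_p": 443, "proto": "tcp", "service": "ssl"},
    {"ts": 1615906005.0, "id.orig_h": "10.0.0.30", "id.resp_h": "192.0.2.9",
     "id.resp_p": 587, "proto": "tcp", "service": "smtp"},
    {"ts": 1615906006.0, "id.orig_h": "10.0.0.23", "id.resp_h": "198.51.100.8",
     "id.resp_p": 587, "proto": "tcp", "service": "smtp"},
]


def resolved_ips(dns_log, host):
    """IPs the IOC hostname resolved to, taken from dns.log answers.
    Non-address answers (CNAME hops) are skipped."""
    ips = set()
    for rec in dns_log:
        if rec.get("query", "").lower().rstrip(".") == host.lower():
            for ans in rec.get("answers", []):
                try:
                    ipaddress.ip_address(ans)
                except ValueError:
                    continue  # a CNAME target, not an address
                ips.add(ans)
    return ips


def smtp_exfil_hits(dns_log, conn_log, host=EXFIL_HOST, port=EXFIL_PORT):
    """Return (reason, src, dst) tuples for conn.log records that match.

    'exfil-host'      : connection to an IP the exfil hostname resolved to.
    'unexpected-smtp' : any other SMTP submission on the same port; hosts on
                        a workstation segment should not speak SMTP directly.
    """
    c2_ips = resolved_ips(dns_log, host)
    hits = []
    for rec in conn_log:
        dst, dport = rec.get("id.resp_h"), rec.get("id.resp_p")
        if dst in c2_ips and dport == port:
            hits.append(("exfil-host", rec["id.orig_h"], dst))
        elif dport == port and rec.get("service") == "smtp":
            hits.append(("unexpected-smtp", rec["id.orig_h"], dst))
    return hits


def digests(data):
    """md5/sha1/sha256 of a byte string, keyed like the report's hash list."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def file_hash_hits(files, iocs=SAMPLE_HASHES):
    """Paths whose content matches the IOC on any listed algorithm.
    `files` maps path -> bytes; a real scanner would read from disk."""
    hits = []
    for path, data in files.items():
        d = digests(data)
        if any(d[alg] == iocs.get(alg) for alg in d):
            hits.append(path)
    return hits


if __name__ == "__main__":
    for reason, src, dst in smtp_exfil_hits(DNS_LOG, CONN_LOG):
        print(f"{reason:16} {src} -> {dst}:{EXFIL_PORT}")
```

Against real Zeek JSON logs, feed each line through `json.loads` into the same functions. The DNS pivot matters because the report gives a hostname while conn.log only carries addresses, and the mail host's IPs can change between the sandbox run and your traffic.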

Targets

    • Purchase order.doc (69KB; MD5, SHA1, SHA256 and SHA512 as listed under General)

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                      Count  ID
  Execution             Scheduled Task                 1      T1053
  Persistence           Scheduled Task                 1      T1053
  Privilege Escalation  Scheduled Task                 1      T1053
  Defense Evasion       Modify Registry                1      T1112
  Discovery             System Information Discovery   3      T1082
  Discovery             Query Registry                 2      T1012

Tasks