General

  • Target

    Payment Advice.xlsx

  • Size

    3.7MB

  • Sample

    210421-e3h6pjc5a2

  • MD5

    5e1e64b617b1c40cf151b5d06e1beec5

  • SHA1

    24d6ac44e463d05cb2f224123f0bfae3e7780181

  • SHA256

    227f928eab84ca0736d1059cec135eb48996136d98c251ace0cd29d8c139471b

  • SHA512

    aaad618656ab34b001772341a0f45036323a5422193e6262028013feaa7c1d0714d46c77fdf27667f76e742a9d6e18a30b20a67eeeb3095cfc0d7aabbb8b0eb2

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1712271713:AAGJzuYypM3OwZho3Ow-PgwvbQRhZlQBGFk/sendDocument

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

  • Scheduled Task (T1053): 1

  • Exploitation for Client Execution (T1203): 1

Persistence

  • Scheduled Task (T1053): 1

Privilege Escalation

  • Scheduled Task (T1053): 1

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • System Information Discovery (T1082): 3

  • Query Registry (T1012): 2

Tasks