General

  • Target

    _78594-854 Booking confirmation docx.rar

  • Size

    818KB

  • Sample

    210421-fj5t9qsr7j

  • MD5

    003ff31192221ed822f7ca387166eced

  • SHA1

    c341d74c826d8811443f158c162a932172985e0e

  • SHA256

    76425d335d9c6ae6dc123fd03fc4949b7db8f91305b2b1262b69195e9ebf33b7

  • SHA512

    ba815a5da14bff1cee28d0bde4ef0145c310a622bcedb7b3b99b052f2e606dae775b07198e4b21e8dc3664b3773098684a524a167c6b70ab71d5d8dec2e99120

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.akdogulojistik.com
  • Port:
    587
  • Username:
    servet@akdogulojistik.com
  • Password:
    Ak6363Dogu2009

Targets

    • Target

      78594-854 Booking confirmation docx.exe

    • Size

      1.2MB

    • MD5

      aa2e1a9609044d3d2ebcc0576417668d

    • SHA1

      7f6b766f64c09b5e23a2836f52a819915bbf3ec8

    • SHA256

      cbad9f9eabd3439596d81e2e54c3fbc37aba236f7a62c377a0e291dc8b0a8906

    • SHA512

      975d0b5265eb39800ac56fff9c514f2004883992d0198c17e6a00207ea70c93ea15fac9793fab139a19df06397283516148518d7e2841a7f98c055d8d231d1f4

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Drops file in Drivers directory

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task: 1 (T1053)

  • Persistence

    Registry Run Keys / Startup Folder: 1 (T1060)
    Scheduled Task: 1 (T1053)

  • Privilege Escalation

    Scheduled Task: 1 (T1053)

  • Defense Evasion

    Modify Registry: 1 (T1112)

  • Discovery

    System Information Discovery: 1 (T1082)

Tasks