General

  • Target

    PL_056_06_713.doc

  • Size

    387KB

  • Sample

    210511-n3pj34ht6a

  • MD5

    7ea976fa35d432a5f1fbd95fedb6b491

  • SHA1

    372fbcd853b6e3143abce13481b38a398a18d1c2

  • SHA256

    5559a0af254ec91974ee7dbc6e48ded1b27e0b0bba31e8a5a7c3d935cbb3a134

  • SHA512

    99665619c7b952edf1a443c237faf6ec33652710b6717128e5e80babc7c919faaf2305d8bdc3267311fa369329f03dd66cfb7561ea4875162e6c7ca2911d4910

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    sixjan.xyz
  • Port:
    587
  • Username:
    zenom@sixjan.xyz
  • Password:
    7&JWw;63ncJ^

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

    • Modify Registry (1): T1112

Discovery

    • Query Registry (2): T1012

    • System Information Discovery (2): T1082

Tasks