Overview

overview

10

Static

static

PO VASE.xlsx

windows7_x64

10

PO VASE.xlsx

windows10_x64

1

PO VASE.xlsx

macos_amd64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO VASE.xlsx

  • Size

    1.3MB

  • Sample

    210722-thqpqvtpp6

  • MD5

    08bfe97addcfdc8ea68d56a80a16621a

  • SHA1

    2111b3ffb8b32bad9d341848bdab6688e280a222

  • SHA256

    594b6fc5ffe9608371a2853db4a54d89d5bef4294680bfd835fa05b20f575b17

  • SHA512

    f17cc20e7884ef6b1d446feeb35f65129ec4cfd3a86208c7b639d9b3d1ac36d51b92c5aa9ed31d20f20ea61b895aa071ed8755752581620e110087f36171cd91

Score
10/10
agentteslakeyloggermacosspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.ccsp-india.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Lkp$CcsP1008

Targets

    • Target

      PO VASE.xlsx

    • Size

      1.3MB

    • MD5

      08bfe97addcfdc8ea68d56a80a16621a

    • SHA1

      2111b3ffb8b32bad9d341848bdab6688e280a222

    • SHA256

      594b6fc5ffe9608371a2853db4a54d89d5bef4294680bfd835fa05b20f575b17

    • SHA512

      f17cc20e7884ef6b1d446feeb35f65129ec4cfd3a86208c7b639d9b3d1ac36d51b92c5aa9ed31d20f20ea61b895aa071ed8755752581620e110087f36171cd91

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v6

Tasks