General

  • Target

    invo5514155.pdf.gz

  • Size

    546KB

  • Sample

    210727-22xejbmcz6

  • MD5

    4a6340eeab6b7c8b6d9fd08db4c3ebc0

  • SHA1

    52d1962f0a99aca2ee1bac502f170d38569ca5f0

  • SHA256

    eea242ea0738fd80692f38a8dc59faf17555d717d110d04b32d542c4ed9fb9a8

  • SHA512

    1abcc9842a1cccaa65e1db117f435587e65ae2f7ad8d10b81f7262a0cdacda05901e31717fd4171622f4317e2d448aa8fddb7cae8ffb43ca4b2cb920e3711149

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.simpleitalian.com.au
  • Port:
    587
  • Username:
    bookings@simpleitalian.com.au
  • Password:
    SIpassword101$

Targets

    • Target

      invo5514155.exe

    • Size

      687KB

    • MD5

      fc0b0215e0ec8169fcd6556e236302c1

    • SHA1

      e7b965067c6b7be5e24ad284562a9bac91e591e3

    • SHA256

      4012c4289aa953f24fdc7e1e257f2d9b04f835a8d6bd1b8eb919271c46a7db62

    • SHA512

      7359ba0dd283d5e9976d2604a87e8a48339e8d2f5433bd2488a2745c6443da672fe9889805b22f6044e2469333ef58b65d37d5f73eae3ab06b76d12704f5c0bd

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (T1053) — 1 hit

  • Persistence

    Scheduled Task (T1053) — 1 hit

  • Privilege Escalation

    Scheduled Task (T1053) — 1 hit

  • Discovery

    System Information Discovery (T1082) — 1 hit

Tasks