General

  • Target

    Purchase Order list order no. Hc511Uv7343.iso

  • Size

    1.3MB

  • Sample

    210728-mkdday95wa

  • MD5

    94590d9e0ecb556024be3f4b5cc5bf37

  • SHA1

    7e206ef85f65e81d9170cc32338ce0b32fa66e3b

  • SHA256

    ea45a8f2cba4a4ce3ce9686f451ec7b846b276825b67824e9a10e6e87c927c6b

  • SHA512

    8c300f5646a7f4756f86ded172d3f417628d9d894ca1472f4d22cb70ef6be46233a81066e885ccdf97b178ce0de59388582810eddc5f6850ae3834cc2c36729f

Malware Config

Extracted

  • Family:
    agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.mail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    marcellinus360

Targets

    • Target

      Purchase Order list order no. Hc511Uv7343.exe

    • Size

      1.2MB

    • MD5

      69d72a180cbfcd23ba8e3381f1010600

    • SHA1

      2047535b73f5282edee870bd8708edfa41a0828a

    • SHA256

      63d8da7fd598da1f01f7fd40da021cf3a205e56efff2377291825c22fe9dfbc1

    • SHA512

      cfd30d9fca791b9ef0d9b7e592ba6714f55311a18aba81dedec26b4cd18171f49de0520b3b62026bd7df239a95a1c0ec44a747dc3033bacfe76d5fc6ee066aa6

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution
    Scheduled Task (1) T1053
  • Persistence
    Scheduled Task (1) T1053
  • Privilege Escalation
    Scheduled Task (1) T1053
  • Discovery
    System Information Discovery (1) T1082

Tasks