General

  • Target

    Purchase Order PO63829.exe

  • Size

    356KB

  • Sample

    211020-cb476ageb9

  • MD5

    b8d994b327b1f42d63e6d9e7294853a0

  • SHA1

    5e6f6dfddffa48bdfd9890f68b456482b40d3b8f

  • SHA256

    750c482a5ed1cc058c1bdfc18bc84d963f03cf75103ff66ea3452128a67bcd0e

  • SHA512

    a6441be339ac71ac91f1416aa7ebf408ddc6b490acb4a82532a16a036d299fd49ccc7aa9b631a61091f28b844ea9bfecf4c2698991d04e01b208a99fc54885f3

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks