General

  • Target

    0e8a984b01a89baf49f1ec946a0893a8cce6509386183ffca6429ab4c8b80932

  • Size

    594KB

  • Sample

    220520-3dyfhagga6

  • MD5

    a88406228ffe634d8706a732273dd1c2

  • SHA1

    0d14d86fc80c5f5025f7f31168122876010d2f27

  • SHA256

    0e8a984b01a89baf49f1ec946a0893a8cce6509386183ffca6429ab4c8b80932

  • SHA512

    db0e74c84e2f3f459d86134f76f288641bfe760a4d0ad4b038ff7e72d0547ba061b89adcf391339bbeadce4beb1932c558a7b445b8012d8dead3ab98a04ecc55

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.privateemail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Remember@123#

Targets

    • Target

      Qatar Order.exe

    • Size

      952KB

    • MD5

      35886dda90c82b5777f9173b5d0182ff

    • SHA1

      9a6db6e787d57f5f29ac88bea46377f9b19f7d3d

    • SHA256

      f9d23884ea2c8b181615c7e0eaeee633d85d5c7c76ed347ce02fb89c5529ebe7

    • SHA512

      053512ab2f50c2c5639a969abab077a56aaa7c9f77f6710a2ce503d5a21ea6c6a706cb1f698ec092c9afd511c8189fbb5e7eaf59de668d4fa6d55890c93f62ba

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofencing check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks