General

  • Target: BEED07428D068FF26201b4696.txt
  • Size: 33KB
  • Sample: 220819-p52qcadeep
  • MD5: 957e9ba6707a05bbe9f2a9084a999c15
  • SHA1: 93eee66b3ab64ade57664195cf7ac65619fe1db7
  • SHA256: 0a5f92e5b123835242b28f93788c9c122846dabfef531fd3c2452f5496363985
  • SHA512: 16819604e1b0067c2ac21daf4178dff348fe33ade089bb0d1d821ba1d35e67da7a422a5ef67f1ca5fe6e589f0f74af252c43f7d43e012cd25c49f8551f5309c9
  • SSDEEP: 768:BTUO38n4RuWgLW2ie+8qTEe12ie+8qKWF9sEMKW2idF8ahAGSQP9PapE6Z8qKWb4:B4O3l+W2ie+8qwe12ie+8qKWF9sEMKWZ

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1900392974:AAEB_yGGlWksNcNC4Dg08OgUSlmDON2w098/sendDocument

Targets

    • Target: Payment.xlsx
    • Size: 20KB
    • MD5: 8b1f48f634933fa99747ad66bdbd2509
    • SHA1: a686db076be817083772fbe0e9ab5f78cf2f84e3
    • SHA256: 467dab8f3f0bcb21de778ba8a43943011bfb07f3897a332ae3145f17aade2065
    • SHA512: 528490c2c1c88b872049287cfba4555a7a3203be6ba13cd061399622e13c36384a693be0f9a4f354b78c7f80ed2a5d635d00977e2ec462a6930db23003769965
    • SSDEEP: 384:ObVdvgBTUbh7K2I0hPN/4kiIDytTGrGKWPJPyCjj0:OBukRRRGtTGqTaCX0

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • Target: attachment-2
    • Size: 43B
    • MD5: 325472601571f31e1bf00674c368d335
    • SHA1: 2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
    • SHA256: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
    • SHA512: 717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

    Score: 1/10

MITRE ATT&CK Enterprise v6

Tasks