Overview

overview

10

Static

static

invoice.exe

windows7-x64

10

invoice.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    invoice.exe

  • Size

    973KB

  • Sample

    220925-ewybfsdbh7

  • MD5

    86f1eb5561c5b8fe00a8d326e0db454f

  • SHA1

    925975a2a419e1a41f8655547f5c63804a040fc4

  • SHA256

    0fef960ffcfff1054c86a8972e70e39bfb3dd027111375db011d7583c2175ed8

  • SHA512

    f2a9859b8d21af570e04f1252f0167b38b032ba789df96e882c050e027f92c9165d2038f6b5c471d8f7423e1dcf00d49b30c66b2eaec1b42527129b46d749965

  • SSDEEP

    12288:NhLuyAH0u8kw/YAo1JcOqlGwJ+0syBfptO578+X58aR7LmkGAz:NhLuyy31E3lG0jTS78+XSahI

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.pisc.lk
  • Port:
    587
  • Username:
    sales@pisc.lk
  • Password:
    PIsafeTY2021

Targets

    • Target

      invoice.exe

    • Size

      973KB

    • MD5

      86f1eb5561c5b8fe00a8d326e0db454f

    • SHA1

      925975a2a419e1a41f8655547f5c63804a040fc4

    • SHA256

      0fef960ffcfff1054c86a8972e70e39bfb3dd027111375db011d7583c2175ed8

    • SHA512

      f2a9859b8d21af570e04f1252f0167b38b032ba789df96e882c050e027f92c9165d2038f6b5c471d8f7423e1dcf00d49b30c66b2eaec1b42527129b46d749965

    • SSDEEP

      12288:NhLuyAH0u8kw/YAo1JcOqlGwJ+0syBfptO578+X58aR7LmkGAz:NhLuyy31E3lG0jTS78+XSahI

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks