General

  • Target

    invoice_7_812937_pdf (1).ppam

  • Size

    43KB

  • Sample

    220928-mns1rsffb6

  • MD5

    abc10626cb26528d887b9a2268d300a3

  • SHA1

    c8e7e2be906190ecfc038009c93df645ccbffb1b

  • SHA256

    be62c35089f72b5317ea0c1bcb6d3a931205a98af434efd5b32410b6d9aa8fea

  • SHA512

    bef8d4f713a7b3ab2ae5bbd6c3a8282951fc9889f067b6cbbb7ef2b217dbdd613554d588c8c8af34de5ed263eb0d550bb9dbf0842dc2b641876f93744fd6a320

  • SSDEEP

    768:MAzJ/c/lsTsK/n/Okf6R9/i/LxC8vVJOQPdYI+4zrSNJAWWnxmT0gXJ1D5Jj5wJI:MAFkt09fmj7ajB0mxIPd3wU1/K8Nytst

Malware Config

Targets

    • Target

      invoice_7_812937_pdf (1).ppam

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks