General

  • Target

    Purchase Order.exe

  • Size

    1.2MB

  • Sample

    221018-s5gxqagfcj

  • MD5

    2c80a493f1136edf8682a510e9531aad

  • SHA1

    e5cc07aa95bfd92d936ada26d09e264929b77e6d

  • SHA256

    60717b7d8e892e00263effbd6c27f84161c512dd8339463bd35066bf277194b0

  • SHA512

    465a5dff6a31be317f7fe08bc5e3848596574683057624a3ec9a7ed34b2eca54f372408edc1a6a0cd50c2f7760a49a41f972feecdb45b34d3b9d5f49bbeb1a78

  • SSDEEP

    24576:sfoqet3iZrVWwdy0unTgumoa38SFJR/aALj:sgqetuRZKgRsSN/XL

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5711515928:AAGr5pLEJgjvMf5yBzvNPjftYdw-oXyzKzg/

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks