Overview

overview

10

Static

static

Copia dell...to.exe

windows7-x64

10

Copia dell...to.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Copia dellordine di pagamento.tgz.gz

  • Size

    306KB

  • Sample

    221129-qmtgpacg32

  • MD5

    0a5967e6b0f29aed16af5f8a4f84099f

  • SHA1

    0c42c4c8adb321b3f5b5118261ddc082f139925c

  • SHA256

    76142d7f4c863e413429c8afc13aebf9f0afeddb3be14ee033ba1bd2e89b0741

  • SHA512

    4d7c388b0c88dc7088c95d965dd96450b729d9674073dc755e65752ca7b02c33654ac6e18ba9107dd808046602f589a6e038e7a66a648b4da717873cd328bc54

  • SSDEEP

    192:5GovtAWTIqGJmakfCLOYRy3fwObp7/c44ZVTODXxh:4AAHJCqivRVS4h

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5954474519:AAEGnfW1mRvGRxq-zIAvwJfpKEbhLLiqVaM/

Targets

    • Target

      Copia dell'ordine di pagamento.exe

    • Size

      300.1MB

    • MD5

      af75b6039c209b6c31915ca4957adcd8

    • SHA1

      af396a57bd962bbc927143f924d279962eaa9d5c

    • SHA256

      ecc0953d70c3f7f7fce5ef31dd734452a3ba52d63ec4020646c8a999e10d6003

    • SHA512

      b303c246e15c2e705bbf19f3290f073a199249085321bbdc706ab54fa274c43882d8a0379a781c97050bbed12bb51478b6b4cbc9e18d29496303b2bec92896e0

    • SSDEEP

      384:z7MRYI5eLyY9kgbZQAgDNGprbptYcFmVc03Kv:zzI5aT9kgOAgoFtYcFmVc6Kv

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks