General

  • Target

    SecuriteInfo.com.Exploit.CVE-2017-11882.123.19899.13341.rtf

  • Size

    8KB

  • Sample

    221206-jgyqwsag8t

  • MD5

    b21080496cd06c4ec05a717005ac8de0

  • SHA1

    19e19d2cfb4beb2b01a58e946686b65670fa1d5b

  • SHA256

    f7d23a1a9687e11409154eef5ff6e38b0ce19bd6747b45814cd6221ee1bc02cd

  • SHA512

    2a14ea6b993798af7ef501dd2f482f3857baa0a3c2d006ac76f693d8cee5fd1751979e4599cbda29f02c7d0e637b29752f8fb2d96a8573c452bacce8f4cb4756

  • SSDEEP

    192:yjuVkiWDShim94VQiCO3Ya+KizjfVQ6jNM99HTbBGG:yjuVkciizipIn9zjdBM9pBGG

Malware Config

Extracted

Family

agenttesla

C2

https://discord.com/api/webhooks/1048308947817353288/5ypgS4XmSt1xW_MYhzjePp8jxnOIkdnEO0OTccrP0m7sB3ynEyezAUtrX-js6a4kTsJ8

Targets

    • Target

      SecuriteInfo.com.Exploit.CVE-2017-11882.123.19899.13341.rtf

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer written in Visual Basic.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
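Two things an analyst usually wants to confirm by hand from a report like this: that the RTF really carries an Equation Editor (CVE-2017-11882) object, and when the Discord webhook used as C2 was created, since a webhook ID is a Discord snowflake that encodes its creation time. The script below is an added example, not code from the sandbox or from this report. The RTF and payload bytes it scans are constructed stand-ins (the real file is not reproduced here); the only values taken from the page are the webhook URL from "Malware Config". Assumed, well-known constants: the Equation.3 ProgID and CLSID {0002CE02-0000-0000-C000-000000000046}, and the Discord snowflake epoch of 2015-01-01T00:00:00Z.

```python
import re
import struct
from datetime import datetime, timezone

# OLE class abused by CVE-2017-11882 (Equation Editor, EQNEDT32.EXE):
# ProgID "Equation.3", CLSID {0002CE02-0000-0000-C000-000000000046} (assumed, well-known values).
EQUATION_PROGID = b"Equation.3"
# The CLSID as it is serialised on disk: Data1/Data2/Data3 little-endian, Data4 as-is.
EQUATION_CLSID = bytes.fromhex("02CE0200" "0000" "0000" "C000" "000000000046")

# Discord snowflake IDs carry milliseconds since 2015-01-01T00:00:00Z in their top 42 bits.
DISCORD_EPOCH_MS = 1420070400000

_OBJDATA_RE = re.compile(rb"\\objdata\b(.*?)\}", re.DOTALL)
_OBJCLASS_RE = re.compile(rb"\\objclass\s+([A-Za-z0-9.]+)")
_CONTROL_WORD_RE = re.compile(rb"\\[A-Za-z]+-?\d*")
_WEBHOOK_RE = re.compile(
    rb"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/(\d{17,20})/([A-Za-z0-9_-]{30,})"
)


def extract_objdata_blobs(rtf: bytes) -> list[bytes]:
    """Decode every {\\*\\objdata ...} group from hex text to raw OLE1 bytes.
    Obfuscated lures split or pad the hex; this only tolerates whitespace and stray
    control words, so treat a miss on a suspicious file as 'inspect manually'."""
    blobs = []
    for m in _OBJDATA_RE.finditer(rtf):
        body = _CONTROL_WORD_RE.sub(b"", m.group(1))
        hexchars = re.sub(rb"[^0-9A-Fa-f]", b"", body)
        if len(hexchars) % 2:
            hexchars = hexchars[:-1]  # drop a dangling nibble rather than fail
        blobs.append(bytes.fromhex(hexchars.decode("ascii")))
    return blobs


def find_equation_editor_objects(rtf: bytes) -> list[str]:
    """Return one string per indicator that the RTF embeds an Equation.3 object."""
    hits = []
    for cls in _OBJCLASS_RE.findall(rtf):
        if cls.lower().startswith(b"equation"):
            hits.append("objclass " + cls.decode("ascii", "replace"))
    for i, blob in enumerate(extract_objdata_blobs(rtf)):
        if EQUATION_PROGID in blob:
            hits.append(f"objdata[{i}] ProgID Equation.3")
        if EQUATION_CLSID in blob:
            hits.append(f"objdata[{i}] CLSID 0002CE02-0000-0000-C000-000000000046")
    return hits


def snowflake_to_datetime(snowflake: int) -> datetime:
    """Creation time encoded in a Discord ID (webhook, channel, message, ...)."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc)


def extract_discord_webhooks(data: bytes) -> list[dict]:
    """Find Discord webhook URLs in a dropped payload, config or memory dump and date them."""
    hooks = []
    for m in _WEBHOOK_RE.finditer(data):
        wid = int(m.group(1))
        hooks.append({
            "url": m.group(0).decode("ascii"),
            "id": wid,
            "token": m.group(2).decode("ascii"),
            "created": snowflake_to_datetime(wid),
        })
    return hooks


# --- Constructed inputs: stand-ins for the real sample, not bytes taken from it ---
def _ole1_equation_stub() -> bytes:
    """OLE1 header naming Equation.3 plus a CLSID marker; a real object would carry a
    compound file with the malicious MTEF stream as its native data."""
    progid = EQUATION_PROGID + b"\x00"
    header = struct.pack("<II", 0x00000501, 0x00000002)  # OLEVersion, FormatID=embedded
    return header + struct.pack("<I", len(progid)) + progid + EQUATION_CLSID + b"\x00" * 16


SAMPLE_RTF = (
    b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objclass Equation.3}{\\*\\objdata "
    + _ole1_equation_stub().hex().encode("ascii")
    + b"}}}"
)
# The webhook from this report's "Malware Config", wrapped in filler as a dropped-payload stand-in.
SAMPLE_PAYLOAD = (
    b"\x00\x00Config\x00"
    b"https://discord.com/api/webhooks/1048308947817353288/"
    b"5ypgS4XmSt1xW_MYhzjePp8jxnOIkdnEO0OTccrP0m7sB3ynEyezAUtrX-js6a4kTsJ8\x00\x00"
)

if __name__ == "__main__":
    for hit in find_equation_editor_objects(SAMPLE_RTF):
        print("RTF:", hit)
    for h in extract_discord_webhooks(SAMPLE_PAYLOAD):
        print(f"C2: webhook {h['id']} created {h['created']:%Y-%m-%d %H:%M:%SZ}")
```

Run `extract_discord_webhooks` over the dropped EXE, its decrypted config, or a memory dump rather than the RTF; the webhook lives in the AgentTesla payload, not the lure. The creation date it recovers (a few days before this submission) is useful for pivoting on other samples that reuse the same webhook, and the ID/token pair is what to hand to Discord for takedown.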

MITRE ATT&CK Enterprise v6

Tasks