General

  • Target

    FW RE INC000094999781 Offense #126930 FireEye Retroactive alert detection.msg

  • Size

    63KB

  • Sample

    230211-qqxzaade4x

  • MD5

    706ae631637a36f371124299561900c6

  • SHA1

    9d8c6fc4476d9fc0aa4b963668d94908397a8840

  • SHA256

    6bb433775d62ea77cb78f96db1afd0957c531805dbb26c4cd020fd39b58e623f

  • SHA512

    d7af8740f457aa95e659f3abea35e217499a5ea4275f030b32046d2b20ae8ebd951f487b3cb1e026269ec148abeed2f286c0c13ce7e8bb4e88138fcd7a25a9b1

  • SSDEEP

    768:RQjtzKM4dfpOoe+7YDPgo/pLCVM8xEa8pLRG+SADS6eawuIe6thzuKDdk9z8+lId:5woFYDV8xEDLRdS6ewqhqKdk9JT6

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/
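The extracted C2 is not a server the attacker owns but a Telegram Bot API endpoint, so the only attacker-specific parts are the bot id (2134979594) and the 35-character secret after the colon. The following extractor, added here as an example and not part of the Triage report or the Agent Tesla sample, finds such endpoints in a raw memory or strings dump (searching both byte and UTF-16LE views, since .NET samples store string literals as UTF-16LE) and normalises them into indicators. The `SAMPLE_DUMP` bytes and the `to_indicators` field names are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Telegram Bot API token: "<bot id>:<35-char secret>". The bot id is the numeric
# Telegram account id of the bot (observed as 8-10 digits); the secret is the
# only credential needed to drive the bot, so it is the IOC that matters.
TELEGRAM_C2_RE = re.compile(
    r"https?://api\.telegram\.org/bot(\d{8,10}:[A-Za-z0-9_-]{35})(?:/([A-Za-z]+))?"
)


@dataclass(frozen=True)
class TelegramC2:
    bot_id: str
    token: str
    method: Optional[str]  # Bot API method name if a full endpoint was embedded

    @property
    def url_prefix(self) -> str:
        # Every call made with this bot shares this prefix; match on it at the
        # proxy instead of blocking api.telegram.org wholesale.
        return f"https://api.telegram.org/bot{self.token}/"


def extract_telegram_c2(blob: bytes) -> List[TelegramC2]:
    """Find Telegram Bot API endpoints in raw bytes (binary or memory dump)."""
    # Three views: raw bytes as text, and UTF-16LE at both byte alignments,
    # so UTF-16 strings are found wherever they start in the blob.
    views = [
        blob.decode("latin-1"),
        blob.decode("utf-16-le", errors="ignore"),
        blob[1:].decode("utf-16-le", errors="ignore"),
    ]
    seen = {}
    for text in views:
        for m in TELEGRAM_C2_RE.finditer(text):
            token, method = m.group(1), m.group(2)
            key = (token, method)
            if key not in seen:
                seen[key] = TelegramC2(token.split(":")[0], token, method)
    return list(seen.values())


def to_indicators(c2: TelegramC2) -> dict:
    """Flatten one hit into the fields a blocklist or ticket would carry."""
    return {
        "network.url_prefix": c2.url_prefix,  # proxy/IDS match on this
        "telegram.bot_id": c2.bot_id,         # what to report to Telegram
        "telegram.token": c2.token,           # treat as a compromised credential
    }


# Constructed stand-in for a strings/memory dump: the C2 URL from the report
# once as ASCII and once as UTF-16LE, with filler bytes around it.
C2_URL = "https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/"
SAMPLE_DUMP = (
    b"MZ\x90\x00" + b"\x00" * 13
    + C2_URL.encode("ascii") + b"\x00\x07"
    + C2_URL.encode("utf-16-le") + b"\x00\x00"
)

if __name__ == "__main__":
    for hit in extract_telegram_c2(SAMPLE_DUMP):
        print(to_indicators(hit))
```

Both views of the same URL collapse to a single hit, keyed on token and method. The practical point is what to do with the token: it is a live credential for the attacker's bot, so it belongs in the incident record as a secret, and the `url_prefix` is what a proxy rule should match, because api.telegram.org itself is legitimate traffic for many organisations.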

Targets

    • Target

      123.zip

    • Size

      25KB

    • MD5

      d02662ab76f9d9ef5073840308884d84

    • SHA1

      71acb514fb049b28225cb5efaf3a7b1acc27a685

    • SHA256

      8b042bc56697316f4dd9e013ac8fd0b904cac8fa83ae1d8b9fb14f8163736207

    • SHA512

      5c6c7b2c992a19f72a5daf0a633988f8b3342361a04b37e7276f373ec47a3bba1307dbfd585c79d7739e88d3c399a20f2d02cd5bd13871828a8d232e67985fcf

    • SSDEEP

      768:zLRG+SADS6eawuIe6thzuKDdk9z8+lIJ9WVcm:zLRdS6ewqhqKdk9JT6m

    Score
    1/10

    • Target

      123.unknown

    • Size

      34KB

    • MD5

      bd8c8a40e0d0834cec883ca320c0d84f

    • SHA1

      c5e757b74d55524e9b65288f288a5858372b36e4

    • SHA256

      7e837049daf12a1f3d58a2dc5a616d88919f2ba94ae008be69fb31e17715f978

    • SHA512

      d6dc9b012a30675e547830d20af6a1bfba8927418beadfa58a982f357d63ff997aa73a4fd3f76e5a6704de3b8adc414b81d8263731db8ef8de68b33070b547be

    • SSDEEP

      768:C+0Dk5eJeDGvHcPCycWOTKG0Yvi5SqptuCuxW/Q/F5dQYIUGQPWK:C+0FHzbZKoi5SqpJuxkQvN

    Score
    6/10

    • Accesses Microsoft Outlook profiles

    • Drops file in System32 directory

    • Target

      PURCHASE ORDER INQUIRY DB PO_#33344.r00

    • Size

      21KB

    • MD5

      de4c5c197dabfaae0c03dd75406f8267

    • SHA1

      2604274695684274232742ee0d708a6363068b48

    • SHA256

      bf708deb111ff90539629bc6222a5ea252cc21fafd36c4058eddfaf6c219d1b5

    • SHA512

      f024d3327c0af7c8e133ad69175072fc8c5abc87754a4b021d064684eba97a07bfa31c470fdc3ec1f48e77552cccb4ec32e36a0d8c3475b3d69a666173dc7755

    • SSDEEP

      384:EodgxLqw2TMzp8C8Y9Af03iCIpCU59L+L5qohCZaYw7fEi1jFcwWWiVDqr:Ngx1YonYctmr9LNoXYEfTWWsy

    Score
    3/10

    • Target

      Swift.exe

    • Size

      64KB

    • MD5

      c3dda199739ccc5699ea98f22eb1d0ba

    • SHA1

      8ca42b38a4df27fbd18b060092009b1092f79932

    • SHA256

      8cd3a69637a14aeb7a0db8c47a197e8cdee48d1c995b8ea848449b1f206a8d24

    • SHA512

      828ebcaa0b8d7fbcb50768669921980ae389582ef25ea643541fa89a60d9c34639e170cc80eb378c56028b4ef1229141faa93f896b3c724f963139266c7c0dca

    • SSDEEP

      768:M4OE/9oA9EfutLtTP44IuAgpjELM40LO6dusn04el:BOe9oA9EfKP4yFp+M40ymuL3l

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; this build exfiltrates through the Telegram Bot API endpoint listed under Malware Config.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    • Target

      email-html-1.txt

    • Size

      1KB

    • MD5

      8e743a00cdd8982f62d4e6d11b09a6dd

    • SHA1

      abac35d95728e7d0ad7fd4720ef6d8b72f775925

    • SHA256

      c05db2f4d3482e9c3886c3fd19dea4c4bad4fcf06486a0eae383d1e849d893b0

    • SHA512

      a7158fcd4d2e29a3c494972f267e4a8cf537220cfffd4672b13b3d0369a26b1d1832ad7232cc015cf03b8489254eb5d8e8a24b1ace617fbf4858a94b607abd86

    Score
    1/10
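The chain above (the .msg carrying 123.zip, which unpacks to the .r00 archive and finally Swift.exe) only becomes a verdict once the behaviours are scored: Outlook profile access, an external IP lookup, the Telegram C2 and the System32 file drop. The rule set below is an added example of that scoring logic over a simplified endpoint trace; it is not Triage's detection code, and the `SAMPLE_EVENTS`, the event tuple layout, the weights, the `IP_LOOKUP_HOSTS` starter list and the `OUTLOOK_ALLOWLIST` are all constructed assumptions. The SetThreadContext indicator is left out on purpose: it needs API-level telemetry that a registry/network/file trace does not carry.

```python
import re
from typing import Dict, Iterable, List, Optional, Tuple
from urllib.parse import urlsplit

# Event tuple: (pid, image path, event kind, detail). Constructed to mimic a
# simplified endpoint/sandbox trace; kinds used here are RegistryQuery,
# NetworkConnect and FileCreate.
Event = Tuple[int, str, str, str]

# Where Outlook keeps profile/account data in HKCU (starter pattern, not exhaustive).
OUTLOOK_PROFILE_RE = re.compile(
    r"\\(Outlook|Windows Messaging Subsystem)\\Profiles\\", re.IGNORECASE
)
# Public "what is my IP" services stealers use to tag the victim (starter list).
IP_LOOKUP_HOSTS = {
    "checkip.dyndns.org", "api.ipify.org", "icanhazip.com",
    "ip-api.com", "ipinfo.io", "checkip.amazonaws.com",
}
# Processes expected to read Outlook profiles; anything else is suspicious.
OUTLOOK_ALLOWLIST = {"outlook.exe"}
SYSTEM32 = "c:\\windows\\system32\\"


def _basename(image: str) -> str:
    return image.rsplit("\\", 1)[-1].lower()


def classify(event: Event) -> Optional[Tuple[str, int]]:
    """Return (rule name, weight) for a matching event, else None."""
    _pid, image, kind, detail = event
    if kind == "RegistryQuery" and OUTLOOK_PROFILE_RE.search(detail):
        if _basename(image) not in OUTLOOK_ALLOWLIST:
            return ("accesses_outlook_profiles", 3)
    elif kind == "NetworkConnect":
        parts = urlsplit(detail)
        host = (parts.hostname or "").lower()
        if host in IP_LOOKUP_HOSTS:
            return ("external_ip_lookup", 2)
        # Only the /bot<token>/ path is bot traffic; other Telegram use is not scored.
        if host == "api.telegram.org" and parts.path.startswith("/bot"):
            return ("telegram_bot_api_c2", 4)
    elif kind == "FileCreate":
        if detail.lower().startswith(SYSTEM32) and not image.lower().startswith("c:\\windows\\"):
            return ("drops_file_in_system32", 2)
    return None


def score_processes(events: Iterable[Event]) -> Dict[int, dict]:
    """Aggregate distinct rule hits per process into a Triage-style 0-10 score."""
    report: Dict[int, dict] = {}
    for ev in events:
        pid, image = ev[0], ev[1]
        entry = report.setdefault(pid, {"image": image, "score": 0, "hits": []})
        hit = classify(ev)
        if hit and hit[0] not in entry["hits"]:      # each rule counts once per process
            entry["hits"].append(hit[0])
            entry["score"] = min(10, entry["score"] + hit[1])
    return report


SWIFT = r"C:\Users\user\AppData\Local\Temp\Swift.exe"
STAGE = r"C:\Users\user\AppData\Local\Temp\123.unknown"
OUTLOOK_KEY = (r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"
               r"\9375CFF0413111d3B88A00104B2A6676\00000002")

# Constructed trace: the payload touches Outlook profiles, asks a lookup service for
# its public IP (twice), talks to the Telegram bot; Outlook itself and explorer.exe
# do benign things; the intermediate stage drops a file under System32.
SAMPLE_EVENTS: List[Event] = [
    (4120, SWIFT, "RegistryQuery", OUTLOOK_KEY),
    (4120, SWIFT, "NetworkConnect", "http://checkip.dyndns.org/"),
    (4120, SWIFT, "NetworkConnect",
     "https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/"),
    (4120, SWIFT, "NetworkConnect", "http://checkip.dyndns.org/"),
    (1884, r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE", "RegistryQuery", OUTLOOK_KEY),
    (2200, r"C:\Windows\explorer.exe", "NetworkConnect", "https://www.example.com/"),
    (5504, STAGE, "FileCreate", r"C:\Windows\System32\drivers\etc\hosts"),
]

if __name__ == "__main__":
    for pid, entry in score_processes(SAMPLE_EVENTS).items():
        print(pid, entry["score"], entry["hits"])
```

The allowlist on the Outlook rule and the once-per-process counting are what keep this from flagging the mail client itself or inflating a score through a retry loop; the IP lookup alone is low weight because plenty of legitimate software does it, and it only matters in combination with the credential access and the bot-API traffic.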

MITRE ATT&CK Enterprise v6