General

  • Target

    19-0415 MSC Open Tariff for ALL TradeMSC.exe

  • Size

    1.2MB

  • Sample

    230323-qmsv6afh98

  • MD5

    6aa8165d84e10eca4efeae8cf6b2bb7e

  • SHA1

    2348660a3e668236c1eb7ee8ee70c5152fd59364

  • SHA256

    dc9fe72e588b9814beb814a7864c534cda5dffa477ea3cae21240a02845eafad

  • SHA512

    87471134f5c95a774787b6e87961598bcf4c6ac413df515da9644b2a26528b267e8dde32b3b2218ea0f47630780a54f929a966e0d948784a36e407d68e657434

  • SSDEEP

    12288:nqHGo5H1P3sRg+K8VGwD2QHxgB+z/dIgVEM6iM83HJf1z1myAywPccF/l2P6NsMJ:nqHR+KTwDnHI2OTPoHJfB1/q2yNsM

Malware Config

Extracted

Family

agenttesla

Targets

    • Target

      19-0415 MSC Open Tariff for ALL TradeMSC.exe

    • Size

      1.2MB

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
