General

  • Target

    Request For Quotation.exe

  • Size

    210KB

  • Sample

    230403-pphmjagc3t

  • MD5

    849e4575b962f3ba05ec2a74e1f1bfd1

  • SHA1

    622379e35ecdcac678bf01912a5165f7394adce1

  • SHA256

    73dd519acd12d0f745ae97a43ace2880516ef4f2682f8f5970be98418fb3cbe2

  • SHA512

    cf589c81163fd18a1b57f773d880f4c0901e91535a5c66065453c9bdd4c0fc838797a6c681d90413e61f9e23d3b0c151961257224d31a7d799c8e1e27d919299

  • SSDEEP

    6144:rvFSnrnkU2HYBkiXgznK86Fg0cr14K7nDhETsn4:mrnkr0khJ6FkrCA

Malware Config

Extracted

  • Family

    agenttesla

  • Credentials

    • Protocol:
      smtp
    • Host:
      mail.redseatransportuae.com
    • Port:
      587
    • Username:
      [email protected]
    • Password:
      method10@10

Targets

    • Target

      Request For Quotation.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks