General

  • Target

    Nota de aviso de pagamento 2028242575.img

  • Size

    1.2MB

  • Sample

    230504-xb7cqsgc4z

  • MD5

    1eda04592d13bd25af575abcc758920f

  • SHA1

    015c5033962fc72ec0da84b24c115aeffbc4c79a

  • SHA256

    4e5adbeec13351073966ef1359fb442cfcf1ca6e1aa8485804f9281c65c3d276

  • SHA512

    cf938fda484f2a08160c25081aba075bf106800767dc846800c473dffc437a4a98d64968027922981349915274bba53297488dfdefd3dd8b8b73f7e15cedb085

  • SSDEEP

    192:b0r/h4MHhYM1xQoSiKGureT0FDCkUUKZB2FvC5bjlb/bbxR4imW4xBq34Po:YVmHGureT0FKUUB4alZbbbxRmNB3Po

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper: https://mailink.app/K72.txt

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.kamen.si
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Motherland23@

Targets

    • Target

      NOTA_DE_.CHM

    • Size

      17KB

    • MD5

      bb8f93b0d3d4705f5b392c86eb874026

    • SHA1

      a966e0c6a9089cb0d2109bcf3f0af6259a9b40e0

    • SHA256

      5a883d1a6f91650bdf834da1d2f95e7c02f1898dc4f9a4fed59c4b2c40b62f6d

    • SHA512

      89547138d769841ea014d5623bc007bfb668b1b4d140d9c087311484f0457aebd83cc340c2d2275d7388e1cff405f572ea886be62318b810b874d858a2ebb042

    • SSDEEP

      192:IGureT0FDCkUUKZB2FvC5bjlb/bbxR4imW4xBq34Pof:IGureT0FKUUB4alZbbbxRmNB3Pof

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks