Overview

overview

10

Static

static

3

SHIPMENT DOCUMENT.exe

windows7-x64

10

SHIPMENT DOCUMENT.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SHIPMENT DOCUMENT.exe

  • Size

    851KB

  • Sample

    230510-lr665ahb6x

  • MD5

    124c54bed5730b9ed4710fc2e2202082

  • SHA1

    c12ec1fa01d46124ed372053f569cd0b42ec9b09

  • SHA256

    aba99ac623b8f43f53873ee48dbf2f18f7206ae2041821e660b79505a3743ead

  • SHA512

    4cd1987d59a9e83e101a380475e2c8e759bcac7dee8d12e4739f697332494d9071734518f1d8d8aff321889d4ff333a2e2f2b0120701381464b1ad69846f6350

  • SSDEEP

    12288:kGqjH3XLZfOxXyTvAPobuLeifn7H5KwACs/MnhUR73mrg8FmA6B3I/Zw+J:ktH3XNCXreifn7Hrs/mhA3yxrJ

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      SHIPMENT DOCUMENT.exe

    • Size

      851KB

    • MD5

      124c54bed5730b9ed4710fc2e2202082

    • SHA1

      c12ec1fa01d46124ed372053f569cd0b42ec9b09

    • SHA256

      aba99ac623b8f43f53873ee48dbf2f18f7206ae2041821e660b79505a3743ead

    • SHA512

      4cd1987d59a9e83e101a380475e2c8e759bcac7dee8d12e4739f697332494d9071734518f1d8d8aff321889d4ff333a2e2f2b0120701381464b1ad69846f6350

    • SSDEEP

      12288:kGqjH3XLZfOxXyTvAPobuLeifn7H5KwACs/MnhUR73mrg8FmA6B3I/Zw+J:ktH3XNCXreifn7Hrs/mhA3yxrJ

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks