Overview

overview

10

Static

static

1

8404d3dc32...39.zip

windows7-x64

1

8404d3dc32...39.zip

windows10-2004-x64

1

8404d3dc32...39.rtf

windows7-x64

10

8404d3dc32...39.rtf

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    8404d3dc32b0555bc3b076d7fc080d2a341508b4a2c84805a1d5ffc0057e2b39.zip

  • Size

    11KB

  • Sample

    230513-rsmrrsgd54

  • MD5

    fd06e569a6c2765e3944a0fea53eb27f

  • SHA1

    8b8959e65a84c61095db2b97ff118f1b8acc5041

  • SHA256

    d72a1f51a91a07f1a034935d9a0f7b28262da92dceddb41b523e276c16f8efed

  • SHA512

    b8f44062bfa33ddcc21aa6209afb7ca3248f461216838d46e16e9237a4805937e6b2ff9293f78b9c30f3ec5408651b0d6840ec7ce99a260d67325baa5a5b1c5a

  • SSDEEP

    192:zJWOh1FQoCfHJXvXuH53ra4Qqf+fzGfK0OOXbUCf3pbfOHMuMls:zYW1FQsH53O4Qq2iXXbffBmH1Mls

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      8404d3dc32b0555bc3b076d7fc080d2a341508b4a2c84805a1d5ffc0057e2b39.zip

    • Size

      11KB

    • MD5

      fd06e569a6c2765e3944a0fea53eb27f

    • SHA1

      8b8959e65a84c61095db2b97ff118f1b8acc5041

    • SHA256

      d72a1f51a91a07f1a034935d9a0f7b28262da92dceddb41b523e276c16f8efed

    • SHA512

      b8f44062bfa33ddcc21aa6209afb7ca3248f461216838d46e16e9237a4805937e6b2ff9293f78b9c30f3ec5408651b0d6840ec7ce99a260d67325baa5a5b1c5a

    • SSDEEP

      192:zJWOh1FQoCfHJXvXuH53ra4Qqf+fzGfK0OOXbUCf3pbfOHMuMls:zYW1FQsH53O4Qq2iXXbffBmH1Mls

    Score
    1/10
    behavioral1behavioral2

    • Target

      8404d3dc32b0555bc3b076d7fc080d2a341508b4a2c84805a1d5ffc0057e2b39.doc

    • Size

      26KB

    • MD5

      9438b01f1e855f29eaf97344c263aa5e

    • SHA1

      271427843c271f7d0a0c4e69517bd39df9693b75

    • SHA256

      8404d3dc32b0555bc3b076d7fc080d2a341508b4a2c84805a1d5ffc0057e2b39

    • SHA512

      3222ecb01dfa57ee3901774a5b37fb4634418f2a72bd8447bee882e1594a45331de3669f7d06c9241b6e8293c7717c597fa6e4fe62a5e67e5fd76db13a35d609

    • SSDEEP

      384:FBL0AbZS3qC+L4desyxQbg01MYlCK7EWAHnUtqm3Gwa:FBwAbZS3qC12Qbg0jlCI5tR7a

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Enterprise v6

Tasks