General

  • Target: 1BA102E51ABB2B30FA5856BE2213C315519FCA2B5F400EFDE38AA3C88DFFD681
  • Size: 400KB
  • Sample: 230518-cfne7shc54
  • MD5: 4d90a84b93f9a603c7925a8050809493
  • SHA1: a0b67be4112520766bdd7b5940a997cc1f5af5f5
  • SHA256: 1ba102e51abb2b30fa5856be2213c315519fca2b5f400efde38aa3c88dffd681
  • SHA512: 0bb1069f7f92940d883fafef67afa5f5d9f63e381bd439c1954ea8c97b18b4aa092cab1f06074af62968c53ae1646c0847dfd8e8236288955f35fc0b26c81137
  • SSDEEP: 1536:mD89r/aDcWJwG0mtvR/Eg5lq1laktrO8MmxqMsTMBhui:mqto

Malware Config

Extracted

  • Family: agenttesla
  • C2: https://api.telegram.org/bot5361912293:AAGLRU8lOnvgedEVLW84nw6uJBR8KKRq6f4/

Targets

    • Target: PDT9377823-735363563.PDF.vbs
    • Size: 339KB
    • MD5: 50430be7e76cee93bfb67f638c45db24
    • SHA1: f367d92793ad4a7b6765a5ee2183a418c34c10a9
    • SHA256: 88c4fd970ee45f12ab4b95370a2ceffa64dc27b0da5e181f5755532aad7010c5
    • SHA512: ae70b5fe2e4c110c6e7c5a2e4c38dae2a313630d8c4dc2cf0685986ad30a5d61a391d26422de228c015846f51ca2146d8db57aedc81fa95ae74432ba6dac8a44
    • SSDEEP: 1536:j89r/aDcWJwG0mtvR/Eg5lq1laktrO8MmxqMsTMBhuiW:Kto/

    • AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
    • Blocklisted process makes network request
    • Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
    • Accesses Microsoft Outlook profiles
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks