General

  • Target: ENTIRE_MESSAGE.eml

  • Size: 349KB

  • Sample: 230719-t97jlsad7z

  • MD5: ce1eed4fff6022a3720903ac5b3dfae9

  • SHA1: a2fbffe281ee7d33cce3b0b273806081bf7173e2

  • SHA256: 33bb69fba4ec574981f478570c36a2375095de37f98e2710191f678f03c1d232

  • SHA512: d2302c41feef71424aabddd801dabf49eb3e95c4bd57120edeac6bf026aa72d4e063c569a4a813abd9904778ef9ba80b3e7965e7a3ce061b11e6afb3c3a19aa3

  • SSDEEP: 3072:aeTNO6HTncCrv1uzgewt67ubW3bfKZ0lI+7uq0Hz+9M//FIWorPCvWvrEm:aeBzncau8/t67/bfKZqv7uq0To+sHj

Malware Config

Extracted

  • Language: xlm4.0

  • Source

Extracted

  • Family: agenttesla

  • Credentials

Targets

    • Target: July 19.odc

    • Size: 142KB

    • MD5: e2600a5d9aaaf6d81e0d68ec2ca71361

    • SHA1: e8f6f376f4ae1e669c8c1a051bf61ad37d16ec1b

    • SHA256: a686a75059f0b09c102bf4e39e21c456e43d82608af522c2797983805532e0f1

    • SHA512: 08d45e4dbed27d079bc0ef6f1024b12cdebb98e0ac53d4baffe5a4f8a64bdf224d86ecbdf2d2ba8e8a191900937cee523d85ebb30860e32bafbdc5417d947aac

    • SSDEEP: 1536:/Z0gocO2fef1HL17B0rkVFd3Gxou3u22msPBZH+R6zXqAJl:/2TcO2fG1r17BYkjd3Zu3u22msPBEm

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    • Target: July 19.xls

    • Size: 115KB

    • MD5: 118865e6a775e2e872ec21a8ad67354f

    • SHA1: 58e499c9aa1f98000a5e71e0880a907ffe393a32

    • SHA256: d36c54c62ad04ef56cf79afbcc326eb8050f53a94fed415ba2baf829d2b5032a

    • SHA512: eee66e4e0bd233676ce19e1c686d903349f246482e8689d28d2225a348420b6cc99ab13ab57796a7ff3473f98055603420509ff4f41e7a6eea2d970b23c2c04b

    • SSDEEP: 768:0pjSPSX/22K6TePz2tIRfNTrLZ6YZI9CatrPzYtJ5KGHNh//z317:euaX/o6T2z4W1PZy9CatrPcPEGthXzF

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks