General

  • Target

    PURCHASE ORDER NO 4100000673.xls

  • Size

    1.1MB

  • Sample

    230920-jrhseseh4z

  • MD5

    ad08772e2adebe46242e8e3f302e373b

  • SHA1

    381d9bb6eb6f8142771253681d88cf5011b09a6d

  • SHA256

    917eeb46453deb94e6c16c4519d29d32566e39618baa3c877d9f979ec938e2a4

  • SHA512

    d56b46063a80e8ae9186e3d293eec38400c38a99956fc8f949b2ccb1c4e07d51a42721189364f8f2dc01bc872b10ed4ff85f42f7648a85c9f2c6f9941f44ef09

  • SSDEEP

    24576:FWQmmav30xSZy6w6VH6NlZZyLw6Vm6N1aFR3FQkTwJ29+SfKwy6:EQmmQ306+6VajP6VzWvFbTz9+SiZ

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks