General

  • Target

    Purchase Order.zip

  • Size

    401KB

  • Sample

    231003-vcs6dsfg25

  • MD5

    d7024c5e38f2b8f8dbfe07eda06c40d1

  • SHA1

    6af4265e07634fcbfe7371de1bc4d74a199dc976

  • SHA256

    7bc03aa044db5904f6e72508762030b1dbcac537ba8903c567a6b853305409c7

  • SHA512

    cf5c2faf37e314551dc9664cc18bd2fc06c51d7e133c55dae6205e937ade5f45b44db536096f9175bb7bad30e7329d19b02e9c484b46a237812ce173b9466c26

  • SSDEEP

    12288:KApOeDhT+AVPl9SL3ch0xufZnkJKZvoq1T08U97LhNWTt:vptDhT+A1QMzh20wuFU93WTt

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Purchase Order.exe

    • Size

      502KB

    • MD5

      5f96ca1cb69ffa48bc90c22e83a33eb7

    • SHA1

      87115d2916f51e0f4bc11725a5d11c86e3064c02

    • SHA256

      e27e63e6096a727c94170fc3459661fe3fda9d396d5451ae253015880b37c9d0

    • SHA512

      8c437cd96c1a79013a0100ece43d5e6448e987253488e1572b88b88a5bdf615d9de85ff5726e340ef22353f5c6dad273eec353589c13295a6849d91ee7bbe6e5

    • SSDEEP

      12288:bFBF5Z/NKh0xapZn0JKZvoa1T0AUh7LhNWIr:RnsJXm0w+XUh3W

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks