General

  • Target

    Purchase Order_pdf.exe

  • Size

    771KB

  • Sample

    231107-zpvl7shh24

  • MD5

    a6d88a0d5569be22befa066a14fc8a50

  • SHA1

    d1c5085c2125de344f8e43387fd402f7936300c5

  • SHA256

    e914375794ce1cde4a1caa435ff42bb9eaf9c74f5f0138fd8009605c9411b789

  • SHA512

    50c36cbd6677410b335c4c8953cdf604d6c9204cbb2ea018313e42f1d9ac3b2eccaefe44e057ad9015321d17bf16f6e0e5ae23a3800ae94add5a72a44c7b3c09

  • SSDEEP

    12288:hVpBxxuENQ+ZRHi1RpY1KFRa0CtRU5fGtIUaEYZe1LVbhYnr1VE5LK/zr:BnHwz3F2w5zUqGeVBzr

Malware Config

Extracted

  • Family

    agenttesla

  • C2

    https://api.telegram.org/bot6631738496:AAG2zE5i799qnEmdlleUzTqWLMkSGsE8aDc/

Targets

    • Target

      Purchase Order_pdf.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks