General

  • Target

    Nuevo orden09.xlam

  • Size

    604KB

  • Sample

    231201-hsayjafg23

  • MD5

    1cced94c2f3295856386a392a325da66

  • SHA1

    dcfae48899f023345cc40c719c44667901800915

  • SHA256

    82654c49112053c84ca03dad9fe70453d7a0565da3b0ce398cb884807827f992

  • SHA512

    ced1b717a2609a566189a201aab8278e998e151e3816ddc7b5be9c63e7a348c02c93f09809b6d0207d056bc2a43dea29e7ee470e5eebdf6b612bc12dce6966c9

  • SSDEEP

    12288:8qDEDDicPcVmotix40XvlFPGAAvjh6zIFS3iXb7Ze94yaoTnkcu7HJtGUNwN:jSDickVV7cDGt6zhiXICyJ4cCHJtjN8

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5866032214:AAFIOyXMBAXtSDPbd1lqRSgP4WSftaTimg4/

Targets

    • Target

      Nuevo orden09.xlam

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET; it commonly exfiltrates harvested data over SMTP, FTP, or the Telegram Bot API.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a newly created, suspended process is a common step in process hollowing, where the dropped payload is mapped into a legitimate host process before its main thread is resumed.
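The indicators above (a Telegram Bot API C2, an external IP lookup, and a dropped executable run from an Office process) translate directly into detection logic. The following is an added example, not part of the sandbox report: it extracts the bot ID from the C2 URL on this page, builds a redacted form suitable for sharing, and runs three checks over constructed proxy log lines and process-creation events. The log format, the list of IP lookup hosts, and the file names in the constructed events are assumptions chosen for the example; only the C2 URL comes from the page.

```python
"""Added example: detection helpers for the Agent Tesla indicators on this page."""
import re
from urllib.parse import urlparse

# C2 URL taken from the Malware Config section of this report.
C2_URL = "https://api.telegram.org/bot5866032214:AAFIOyXMBAXtSDPbd1lqRSgP4WSftaTimg4/"

# Telegram Bot API endpoints look like api.telegram.org/bot<numeric id>:<token>/...
TELEGRAM_BOT_RE = re.compile(r"api\.telegram\.org/bot(\d{8,12}):([A-Za-z0-9_-]{30,50})")

# External IP lookup services frequently abused by stealers (assumed list, extend as needed).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
                   "ip-api.com", "ipinfo.io"}

# Office host processes whose children are worth scrutinising (assumption).
OFFICE_IMAGES = {"EXCEL.EXE", "WINWORD.EXE", "POWERPNT.EXE"}

# Executables launched from a user-writable profile directory (assumed heuristic).
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def parse_telegram_c2(url):
    """Split a Telegram Bot API C2 URL into bot id and token; return None if it is not one."""
    m = TELEGRAM_BOT_RE.search(url)
    if not m:
        return None
    bot_id, token = m.group(1), m.group(2)
    return {
        "bot_id": bot_id,
        "token": token,
        # The bot id is safe to share as an IOC; the token is a live credential.
        "redacted": f"https://api.telegram.org/bot{bot_id}:<redacted>/",
    }


def scan_proxy_log(lines):
    """Return (line_no, finding, host) for Telegram bot C2 or IP lookup requests.

    Assumed line layout: '<timestamp> <client_ip> <method> <url>'.
    """
    findings = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or truncated line, skip rather than crash
        url = parts[3]
        host = urlparse(url).hostname or ""
        if TELEGRAM_BOT_RE.search(url):
            findings.append((n, "telegram_bot_c2", host))
        elif host in IP_LOOKUP_HOSTS:
            findings.append((n, "external_ip_lookup", host))
    return findings


def office_spawned_dropped_exe(events):
    """Return images of processes started by an Office app from a user-writable path.

    Each event is {'pid', 'ppid', 'image'}; events must include the parent process.
    """
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent is None:
            continue
        parent_name = parent["image"].rsplit("\\", 1)[-1].upper()
        if parent_name in OFFICE_IMAGES and USER_WRITABLE_RE.search(e["image"]):
            hits.append(e["image"])
    return hits


# Constructed sample telemetry (not from the report): one victim host, one clean host.
PROXY_LOG = [
    "2023-12-01T08:41:02Z 10.0.0.15 GET https://api.ipify.org/",
    "2023-12-01T08:41:03Z 10.0.0.15 POST " + C2_URL + "sendDocument",
    "2023-12-01T08:41:10Z 10.0.0.22 GET https://www.microsoft.com/",
]
PROCESS_EVENTS = [
    {"pid": 4120, "ppid": 812, "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
    {"pid": 5204, "ppid": 4120, "image": r"C:\Users\victim\AppData\Roaming\svchost.exe"},
    {"pid": 5300, "ppid": 812, "image": r"C:\Windows\System32\notepad.exe"},
]

if __name__ == "__main__":
    print(parse_telegram_c2(C2_URL)["redacted"])
    for finding in scan_proxy_log(PROXY_LOG):
        print(finding)
    print(office_spawned_dropped_exe(PROCESS_EVENTS))
```

The bot ID is the durable part of the indicator: the operator can rotate the token, but traffic to `api.telegram.org/bot<id>:` from a host that first queried an IP lookup service and was spawned from Excel is the chain this report describes. Treat the token itself as a credential and redact it before sharing the IOC.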

MITRE ATT&CK Enterprise v15