Overview

overview

10

Static

static

1

f7925b0edc...cf.rtf

windows7-x64

10

f7925b0edc...cf.rtf

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f7925b0edcb383f181bbb45b29acaad0b837f0ea742a755e47aed688bcd170cf

  • Size

    58KB

  • Sample

    231203-b7fzrsgh36

  • MD5

    6ee6e6e58e88fbb222f7b1c8e37973d7

  • SHA1

    fad289b5872a39a24d151ba59102c8d7c2e73e35

  • SHA256

    f7925b0edcb383f181bbb45b29acaad0b837f0ea742a755e47aed688bcd170cf

  • SHA512

    439dd171e5fcb4d30928b2fa19f17f709ca5056ae097a03decd7b9df6da5726eaf3b93499958660cecf75eef0d25d575216e5b6009f3ff68756c949ff272abc8

  • SSDEEP

    1536:zU3fjdJnp5MMS+IX/tlKcEVM0l+Sdym9NEPTpKzEjs3jHBE:XtlKc2fl+SdBHErpKzEjs3LO

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      f7925b0edcb383f181bbb45b29acaad0b837f0ea742a755e47aed688bcd170cf

    • Size

      58KB

    • MD5

      6ee6e6e58e88fbb222f7b1c8e37973d7

    • SHA1

      fad289b5872a39a24d151ba59102c8d7c2e73e35

    • SHA256

      f7925b0edcb383f181bbb45b29acaad0b837f0ea742a755e47aed688bcd170cf

    • SHA512

      439dd171e5fcb4d30928b2fa19f17f709ca5056ae097a03decd7b9df6da5726eaf3b93499958660cecf75eef0d25d575216e5b6009f3ff68756c949ff272abc8

    • SSDEEP

      1536:zU3fjdJnp5MMS+IX/tlKcEVM0l+Sdym9NEPTpKzEjs3jHBE:XtlKc2fl+SdBHErpKzEjs3LO

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks