General

  • Target

    Purchase Order.5643.exe

  • Size

    1.5MB

  • Sample

    240118-jklwhafcfj

  • MD5

    ea2d5c4a8b18baa2b176bcf1081ed78f

  • SHA1

    3cd6d04fc855d0363552c2819b5494c3099256dc

  • SHA256

    d5733b86891cf1507cbbc97b0cef0280175d40bf946eea3d302ec19d6ed38369

  • SHA512

    af0dfc8df6fbf60a28b0ce6d5c1f2de09dd2490b1827f1dd087e6e7afc75e5f00de219f69a954fd8338b3a24551dc2477fc28eb23e0213cb92b1c10afda2c2ec

  • SSDEEP

    24576:aWaS+JEfphxW553sSntC6s+6qbU0saooQaPSMdLAWqY8fWFEIJ3VUPvymws5IgZs:WS+axysYC6syUkoPaPS2AJNyxUP+Mk

Malware Config

Extracted

Family

    agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.cornery.com.my
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Market321*

Targets

    • Target

      Purchase Order.5643.exe


    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks