General

  • Target

    Recibo de envío de DHL_Guía de embarque Doc_PRG211003417156060.PDF.exe

  • Size

    1.2MB

  • Sample

    240119-t1ykcaadb6

  • MD5

    abc92864e90a6af2970addaa148ef75b

  • SHA1

    7667c13d6dc1f61ec2851eec1c6c99b35b80528d

  • SHA256

    b909af5762d7adef435ec0cb9afd8752d171952dc796d9a7269d2b1838e31225

  • SHA512

    204171536c0ee82487254da7245abd322789bfdd517b99d8e3f5688859c68a1d45da71bb81471d4a9ea9ca89ae8596a6f42f3089565532609415044d81244935

  • SSDEEP

    24576:wqDEvCTbMWu7rQYlBQcBiT6rprG8arKWRzIoprcljSB:wTvC/MTQYxsWR7arKWRkoZclj

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.siscop.com.co
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    +5s48Ia2&-(t

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
