General

  • Target

    ENTIRE_MESSAGE.eml

  • Size

    246KB

  • Sample

    240313-ql4k9sfe46

  • MD5

    4a45631801f58a540ea6b0c3061cd609

  • SHA1

    38aef54a004cdc43a11dfe06b9a44b88bbe03534

  • SHA256

    eb23dfc37618b0adff26812a8cb25ae23ea81a5d2742e39b7b8e18777932a23a

  • SHA512

    df5e8c69a437247f33472afa728e44332852e6a5c7618506c0d4cccbf5ddd06bc2089425460112db46f717805d742f87a3b7e50805c11488aa938bfa52e28336

  • SSDEEP

    6144:Pg2weEZNKmBc+FhrOMe2S3uYWGIzIu6rnLfWNeLOM+LTjb:MzRSSje2S3hWGIzQz6M+vjb

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      NEW ORDER QUOTATION.exe

    • Size

      616KB

    • MD5

      792108a635b2d39638f3209191ebafbb

    • SHA1

      8c4f19d030c38f85b87f803f2ba8948929a95bf4

    • SHA256

      7f2803d474cf6b1ca96e58a16d0a46ad611ccb5dabe721fb7818551f18799aac

    • SHA512

      2be121309b52239fc8b30c827c82f74ecdc4f22de0aef19651c35380125b76ba806f36e6dd5a7c88a4aeb2a4ffa09e100b8f095988342ab5fe6cdcdc3ebe9a54

    • SSDEEP

      12288:368EqQkxswcXKC2zNWfm2YRm5sm2YRm5hkxswcXKC2zNW:DEHZX9uWfm2Yysm2YyhZX9uW

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
