General

  • Target: CA-OP2402406.xla
  • Size: 34KB
  • Sample: 240319-qkbtvsdg4z
  • MD5: ac5961d86e95721920bbaa055049a2f6
  • SHA1: 9db4e33efb83d9029e737d7105c6a16d0ff763a3
  • SHA256: c47b5b5e01d11e26d7bf7b4c23ee682fabc71db90be27da4e69f3c5045dd7bef
  • SHA512: dc9621a454180c5246eab427d26ef25119bc64cba51103dc8d848b7e9d7c0011da7a87585239cf33e5987e7dcf43f4410d9fee1ff5f54c29c9d10a086e79c131
  • SSDEEP: 384:D1rexSDrIw6OeA+qpUpWrpEgDhvC4w8zLtCEcNTbHfFCF375JDOJJMUXZ:DIWsOe1G/DML83tC5l/cbDOJJM6Z

Malware Config

Extracted

  • Family: agenttesla

Credentials

  • Protocol: ftp
  • Host: ftp://ftp.folder.ro
  • Port: 21
  • Username: [email protected]
  • Password: xgkFQ6fqqo}J

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Abuses OpenXML format to download file from external location

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks