General

  • Target

    invoceI14711472.pdf.exe

  • Size

    599KB

  • Sample

    240326-qpqhtaeb7v

  • MD5

    05fc8c317d930cb9a38241e2acd12b6b

  • SHA1

    8ccb99e44aab813419f4a64d07bc05c7f40067fe

  • SHA256

    9850d360aafb1897fa5452ba024d77062e3d55cd4f3985c0b85ab1f333678e9a

  • SHA512

    56d0128c721ff4cc74033c1405eefa560bd3634aab24bd07b174d219aefdf6c8c294ed8e0194840e00974e5d77035bbca062053a2f8f7b23be00cf5046df04c8

  • SSDEEP

    12288:aJH5uUobt6yZqiPuSaUQvud1mlTP9yYXkuXIxc4wJiQ8OxVHE0D:CobIyEiPuvUSuSd9yYXctcNxi0D

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      invoceI14711472.pdf.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Execution

  • Scheduled Task/Job (T1053): 1

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

  • Scheduled Task/Job (T1053): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

  • Scheduled Task/Job (T1053): 1

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2
