General

  • Target

    TEKLİF TALEP_xlsx.exe

  • Size

    668KB

  • Sample

    240327-htz9tafa64

  • MD5

    b2ebfbb63f7ccdff15e24e4ff801c986

  • SHA1

    584079acf1abc206fca557907ab0c258ebc21a9a

  • SHA256

    9b6287ed088ca9a4d43602c95f045bafb0f17214412a749d27a5b2c126c8edb7

  • SHA512

    dd8d4b655504786999696f2603b915351d2daab578568f8ea181fdb54aa5eb420d2f02937eab6d6649562c243bba5259d26e04a19a0c48b894037a66dc48afe2

  • SSDEEP

    12288:zuLD9C9DaFlVqcwO9kuereZz5WgZtjs1Ux6xdE0Is0JAIActwqk67tjbFRU:zsuMA7O9nZQktjs1+ps0CI1Ox6nRU

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      TEKLİF TALEP_xlsx.exe


    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; it typically harvests browser, mail and FTP client credentials and exfiltrates them over SMTP, FTP or HTTP.

    • Checks computer location settings

      Reads the country code configured in the registry (Windows stores the user's GeoID under HKCU\Control Panel\International\Geo\Nation), most likely to geofence execution to or away from particular countries.

    • Executes dropped EXE

      A binary written to disk by the sample is launched as a new process.

    • Loads dropped DLL

      A library written to disk by the sample is loaded into a process.

    • Adds Run key to start application

      A value is written under a ...\Software\Microsoft\Windows\CurrentVersion\Run key so the payload starts at each logon (T1547.001).

    • Suspicious use of SetThreadContext

      Rewriting another thread's context (typically the entry point of a suspended process) is the step that completes process hollowing, so this call is a strong injection indicator when it targets a thread in a different process.
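The two registry behaviours above (the Geo\Nation lookup and the Run-key write) are the easiest to hunt for in endpoint telemetry. The following is an added example, not part of the sandbox report: it runs simple matching rules over constructed Sysmon-style registry events and reports, per process, which of the report's signatures fired and the ATT&CK IDs the report maps them to. The event field layout, process IDs, paths and the benign explorer.exe event are all assumptions made for the example.

```python
"""Added example (not from the report): match registry events against the
AgentTesla behaviours the sandbox flagged for this sample."""
import re
from collections import defaultdict

# Constructed sample events. The field layout is an assumption loosely modelled
# on Sysmon RegistryEvent records; PIDs, paths and values are made up.
SAMPLE_EVENTS = [
    {"pid": 4120, "image": r"C:\Users\lab\Desktop\TEKLIF TALEP_xlsx.exe",
     "op": "QueryValue",
     "key": r"HKCU\Control Panel\International\Geo\Nation", "value": None},
    {"pid": 4120, "image": r"C:\Users\lab\Desktop\TEKLIF TALEP_xlsx.exe",
     "op": "SetValue",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
     "value": r"C:\Users\lab\AppData\Roaming\svchost.exe"},
    # Benign-looking persistence from a system process, for contrast.
    {"pid": 5004, "image": r"C:\Windows\explorer.exe", "op": "SetValue",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "value": r"C:\Program Files\Microsoft OneDrive\OneDrive.exe /background"},
]

# Run and RunOnce keys under either hive (T1547.001).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Where Windows keeps the configured country (GeoID); the report's geofence check.
GEO_KEY_RE = re.compile(
    r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)
# Locations a dropper can write without elevation.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData)\\", re.IGNORECASE)

# (signature name from the report, ATT&CK ID from the report's matrix)
SIG_GEO = ("Checks computer location settings", "T1012")
SIG_RUN = ("Adds Run key to start application", "T1547.001")
SIG_DROP = ("Run key points at user-writable path (dropped EXE?)", "T1547.001")


def match_event(ev):
    """Return the signatures a single registry event satisfies."""
    hits = []
    if ev["op"] == "QueryValue" and GEO_KEY_RE.search(ev["key"]):
        hits.append(SIG_GEO)
    if ev["op"] == "SetValue" and RUN_KEY_RE.search(ev["key"]):
        hits.append(SIG_RUN)
        # Persistence pointing into AppData/Temp is how a dropped payload
        # usually gets registered; legitimate installers mostly use Program Files.
        if ev["value"] and USER_WRITABLE_RE.search(ev["value"]):
            hits.append(SIG_DROP)
    return hits


def match_events(events):
    """Group unique signature hits by process ID."""
    per_pid = defaultdict(list)
    for ev in events:
        for hit in match_event(ev):
            if hit not in per_pid[ev["pid"]]:
                per_pid[ev["pid"]].append(hit)
    return dict(per_pid)


def suspicious_pids(events):
    """Processes that both check the country code and persist via a Run key,
    the combination the report shows for this sample."""
    return sorted(pid for pid, hits in match_events(events).items()
                  if SIG_GEO in hits and SIG_RUN in hits)


if __name__ == "__main__":
    for pid, hits in match_events(SAMPLE_EVENTS).items():
        for name, attack_id in hits:
            print(f"pid {pid}: {name} [{attack_id}]")
    print("suspicious:", suspicious_pids(SAMPLE_EVENTS))
```

A Run-key write on its own is noisy on real endpoints (explorer.exe above hits it too), which is why the final rule requires the geofence lookup from the same process; in a real pipeline the `value` of the Run entry should also be joined against file-creation events to confirm the "Executes dropped EXE" chain.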

MITRE ATT&CK Matrix (ATT&CK v13)

The number is the count of observed behaviours mapped to each technique. A technique appears under several tactics where ATT&CK lists it under more than one (e.g. Scheduled Task/Job serves Execution, Persistence and Privilege Escalation).

  Tactic                Technique                           ID         Count
  Execution             Scheduled Task/Job                  T1053      1
  Persistence           Boot or Logon Autostart Execution   T1547      1
  Persistence           Registry Run Keys / Startup Folder  T1547.001  1
  Persistence           Scheduled Task/Job                  T1053      1
  Privilege Escalation  Boot or Logon Autostart Execution   T1547      1
  Privilege Escalation  Registry Run Keys / Startup Folder  T1547.001  1
  Privilege Escalation  Scheduled Task/Job                  T1053      1
  Defense Evasion       Modify Registry                     T1112      1
  Discovery             Query Registry                      T1012      2
  Discovery             System Information Discovery        T1082      2

Tasks