General

  • Target

    PRODUCTS LIST.pdf.exe

  • Size

    725KB

  • Sample

    240327-m3efxsaf44

  • MD5

    3afc031f6c1a6ec6d4d075351c16529b

  • SHA1

    25b3288e34d9b6473572d2f4264c27546700faa6

  • SHA256

    9c49bbe71a875101949fd0ddf980825c8ac09d566c9e55c2ac94caf8052f5e2e

  • SHA512

    102c95629b14ba98256f56d14a6418a5f0bb79b562d129b948fdafd1b0d29ade909c1cdc5d0854460ba6ccf240e3be763d9b038cdd735a7c28cb5213be1b7556

  • SSDEEP

    12288:U4CMwY4XU5F5gIKxGA87K5BV5lwKSj6bthuaLlsXaeyXYAlRzFIhuaOaT1upA7kR:li0Fm4IBV5vtUa+bLAlR5IhV1i

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks