General

  • Target

    Shipping document.rar

  • Size

    669KB

  • Sample

    240328-k2zpcseg73

  • MD5

    beb5323f32ee560acd32dbfe08e6c49c

  • SHA1

    0b2b8ceb56f04501aea22aa951907573b920dd6a

  • SHA256

    9bb8410a3d44829099d4d57de031eedbca80932ab6f65c72a66daf8f802426f2

  • SHA512

    b920598145b35c912c641334923590c92ea4a3af13d15891679b4130e17f8ec9fd80de35b4bdd8c6a663640fe79da5f3837c7caa26c0b46c45d79e871de196c7

  • SSDEEP

    12288:613gXIlnph/a+OYXmHKdXTFVEuuzJbIu+IIhJV0i9SxkN4P413/RK3u/ty9I:JXqph/a9oZVEZbOJV04SxkSP41U+1y9I

Malware Config

Extracted

  • Family:
    agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.satsllc.ae
  • Port:
    587
  • Username:
    ahsan@satsllc.ae
  • Password:
    Ahsan@12345
  • Email To:
    benj50454@gmail.com

Targets

    • Target

      Shipping document.exe

    • Size

      811KB

    • MD5

      3e250c8f6da5865c870cf22248ba3ec1

    • SHA1

      368a5d934287bfd7a17bcff191a5cc613dc4d2a6

    • SHA256

      88f00d7856da4bc4cdeb97ac096da86e28a9340e494e669a634bce5e79f2b240

    • SHA512

      44a78a4d623212cbd8e8e4dae311f62c9191caf07c8cfba2003e75f2344737afa24a98e0b7e29b2c0e1b57a8154a9391f6177e4113b5c8a8e714aee7c702f003

    • SSDEEP

      12288:JHH3IApRsBvcuDAxYOw65SLgpltAzg1VxSr5gLsPEOdIMSI89qvEpOvV:JnDpRsxR6FliMx854qXNSI85

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Execution:
    Scheduled Task/Job (1), T1053
  • Persistence:
    Scheduled Task/Job (1), T1053
  • Privilege Escalation:
    Scheduled Task/Job (1), T1053
  • Discovery:
    Query Registry (1), T1012
    System Information Discovery (2), T1082

Tasks