Overview

overview

10

Static

static

1

statement ...es.exe

windows7-x64

10

statement ...es.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    statement and invoices.exe

  • Size

    828KB

  • Sample

    240429-k3wdbseh33

  • MD5

    7ca522120ba2f516eeabd3d3979c14eb

  • SHA1

    3da00a3e7c38b1cab49e7a443a33de11dbd642fc

  • SHA256

    9da495f395181d2188e798281ad85b82acdf6d1185c28885fe193c6c48f78a93

  • SHA512

    2eb76c682e5f86f6148750003e4b51375d7ac58e3486157b0c55da98073fb6f852fa0ef209115f0c8223e2f081df4ecff56e181af540da49fd0819a832cb73b8

  • SSDEEP

    24576:bDPjKr5BND8Vqr4MYBt7xa42c//Bs9zEi:vk5BNggrzia7c3SF

Score
10/10
agentteslakeyloggerpersistencespywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      statement and invoices.exe

    • Size

      828KB

    • MD5

      7ca522120ba2f516eeabd3d3979c14eb

    • SHA1

      3da00a3e7c38b1cab49e7a443a33de11dbd642fc

    • SHA256

      9da495f395181d2188e798281ad85b82acdf6d1185c28885fe193c6c48f78a93

    • SHA512

      2eb76c682e5f86f6148750003e4b51375d7ac58e3486157b0c55da98073fb6f852fa0ef209115f0c8223e2f081df4ecff56e181af540da49fd0819a832cb73b8

    • SSDEEP

      24576:bDPjKr5BND8Vqr4MYBt7xa42c//Bs9zEi:vk5BNggrzia7c3SF

    Score
    10/10
    agentteslakeyloggerpersistencespywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

1
T1053

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Scheduled Task/Job

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks