General

  • Target: FVN001-230824.pdf.arj
  • Size: 646KB
  • Sample: 240429-q9e8kscf3z
  • MD5: adaa5e7b737546312bc7ce47b265cdb3
  • SHA1: d4f3f2b6b19a0ab01be4c75c43a6897fb2a4e57c
  • SHA256: 4135f0cde1c903b383f707bee508f1c373d4db1473e9dde44e385e331f6d22e9
  • SHA512: 9eade85bbae4081180c1eeecaf544caa03104131725979cb09900e3a5249de761c8b468044acef3ba84a3cfb18bd9259b22aa2ce8064b79e647062cad604e232
  • SSDEEP: 12288:4QJqkgSSPdTTA3yWEx/nAx2A4OTvmNuY3S9hF3V6cmE1Cxg0J:4QJFJSdTTCrEBAIA4Ozm3iT6jF

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target: FVN001-230824.pdf.exe
    • Size: 698KB
    • MD5: c886350c4259dd843104cd51524770a0
    • SHA1: 595198caebae2f64c3d008425b782e2d7a5f3c00
    • SHA256: 36847d6a88e758a4d823a6e100746c1f505678f8c286ddc2e942c2329ccc36ee
    • SHA512: e3a7bfe55dab903a28e47be2444ba2b6f68e06602fc28fe0a58fc5d2fd1a045bee5a96eec9f1848a0a221922e91c4b5edd5a0498436916a17ff6c24a04f0056d
    • SSDEEP: 12288:y+DbgAB778Qe2Y2NW76+Lm+nMO6a4Ti+N5qcQB0omFFUoIglO2+1lyV+Rro7n9m:jgABa+W764t6a4+4LQB0oEFUoIE+1u6k

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks