Overview

overview

10

Static

static

1

damaged goods.xlam

windows7-x64

10

damaged goods.xlam

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    damaged goods.xlam.xlsx

  • Size

    598KB

  • Sample

    240513-h8ddlafb77

  • MD5

    411e3ea683011310328bb49fa355f79e

  • SHA1

    1f274b5cd4400eca6475c9348701dcc21697c647

  • SHA256

    60e883a7946bcb606bc4097c1ea808a9de5f0bd71c1db1d1c545c14cc13d19d6

  • SHA512

    287b0a2d23d06076908ea6f0ab638187f7eb2929443a6b9c21bae1edb0e2a803c6ed53170eecc8fd814fb61c5ca1fd9d157f02f5a850b334da63227e4a2c45f2

  • SSDEEP

    12288:WcnWp+CNHlxAWQYIZnm9V66G8ZhqecI6fyEjm82DyDfEOd8rusX3gPP1v:FohKm9I6GwcQEjm8Vl8SE3gv

Score
10/10
agentteslazgratkeyloggerratspywarestealertrojan

Malware Config

Targets

    • Target

      damaged goods.xlam.xlsx

    • Size

      598KB

    • MD5

      411e3ea683011310328bb49fa355f79e

    • SHA1

      1f274b5cd4400eca6475c9348701dcc21697c647

    • SHA256

      60e883a7946bcb606bc4097c1ea808a9de5f0bd71c1db1d1c545c14cc13d19d6

    • SHA512

      287b0a2d23d06076908ea6f0ab638187f7eb2929443a6b9c21bae1edb0e2a803c6ed53170eecc8fd814fb61c5ca1fd9d157f02f5a850b334da63227e4a2c45f2

    • SSDEEP

      12288:WcnWp+CNHlxAWQYIZnm9V66G8ZhqecI6fyEjm82DyDfEOd8rusX3gPP1v:FohKm9I6GwcQEjm8Vl8SE3gv

    Score
    10/10
    agentteslazgratkeyloggerratspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

      ratzgrat

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks