Overview

overview

10

Static

static

1

9998ef5f4e...53.rtf

windows7-x64

10

9998ef5f4e...53.rtf

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9998ef5f4ea72ae55f9f033b6aa7c21e5e3461ddd69e90a6525042ff6daab653.rtf

  • Size

    4.1MB

  • Sample

    240524-nyzfzagc95

  • MD5

    7b044d66c7fcbc3d3bf6f5d52e96d3b2

  • SHA1

    f671b1d17948e20794bcd209d8ea1c32b1074155

  • SHA256

    9998ef5f4ea72ae55f9f033b6aa7c21e5e3461ddd69e90a6525042ff6daab653

  • SHA512

    b4f1589734e848061bd6680553c5f5cd625533133421681a561980d94f6d64b833920ef055961bb9719e47e78cbf86e3b1c62e41b8fac4044ccb8529aed92018

  • SSDEEP

    24576:+nLjMle4Ywg76KhKdRukZV+Sc7N4angyRulXC1rfw8BVWXNY0nVJqTsocGmShjy2:y

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      9998ef5f4ea72ae55f9f033b6aa7c21e5e3461ddd69e90a6525042ff6daab653.rtf

    • Size

      4.1MB

    • MD5

      7b044d66c7fcbc3d3bf6f5d52e96d3b2

    • SHA1

      f671b1d17948e20794bcd209d8ea1c32b1074155

    • SHA256

      9998ef5f4ea72ae55f9f033b6aa7c21e5e3461ddd69e90a6525042ff6daab653

    • SHA512

      b4f1589734e848061bd6680553c5f5cd625533133421681a561980d94f6d64b833920ef055961bb9719e47e78cbf86e3b1c62e41b8fac4044ccb8529aed92018

    • SSDEEP

      24576:+nLjMle4Ywg76KhKdRukZV+Sc7N4angyRulXC1rfw8BVWXNY0nVJqTsocGmShjy2:y

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks