General

  • Target

    z23mypdfscanner-invoice3535.bat

  • Size

    217KB

  • Sample

    240524-xcbbpafa6w

  • MD5

    81e3209cf09a8f2f59c94c3e8c20c475

  • SHA1

    0e05dfa84c0f053ab8f2fc4682fb46e02440096f

  • SHA256

    3cb4d9bb4d3100fb7884a96c4c1cc4ffe4994c76e80626e2ca4894a01cb6ded2

  • SHA512

    ac5d14dabe94916a097be70d7420de9ff9528ebe530798168dcbbcb5754604610f563f0c8737d01e4ea83346ad878284a21360b84d8934a2db0dfcf13fc746d7

  • SSDEEP

    6144:xlN/X/N7ZeoXGyzjFk7ecPTja3UIhdcYGuukwEZrWAFhF7EP4:zNf1H2yzjFk7e6ToUmdcYFukwE5Wyh6w

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6840755276:AAHEhHpmlrUuXaIUnKpuniBmO-DaNx3tnLo/

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15