General

  • Target: PI D24050183.pdf.exe
  • Size: 1.1MB
  • Sample: 240610-m4dwsagh73
  • MD5: f11f93a5776837831393b739472c1b00
  • SHA1: bfbc4164cab663ebb8c665b123395f4c5f8be656
  • SHA256: 3ca2c3cb6757d240f6809c3d246ef902a4cf66e8baf34aaa6ba4ac0aca81f287
  • SHA512: cb296c0449ddb742cfaa1c35d404beb6ea3ab7f9d6da7ad0b1143ccec73d26685dc0d9985aea4dfaf44110b75dd5844fac6f15a1e3c776aa8a7af68007494f58
  • SSDEEP: 24576:AAHnh+eWsN3skA4RV1Hom2KXMmHa4MylLaqE5:3h+ZkldoPK8Ya4M+Wx

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: ftp
  • Host: ftp://ftp.fosna.net
  • Port: 21
  • Username: [email protected]
  • Password: (=8fPSH$KO_!

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
