General

  • Target

    8ee10ca4010d5ded51ad2b15ad494dc61d11a2018c84dc9e6e62e5717ce1c7de

  • Size

    598KB

  • Sample

    240705-b7gw3azbmk

  • MD5

    b0f14be5828cc97742b44e64355d79bb

  • SHA1

    1e370d7a27dbb14b76b39d3f599ba4dd387501c0

  • SHA256

    8ee10ca4010d5ded51ad2b15ad494dc61d11a2018c84dc9e6e62e5717ce1c7de

  • SHA512

    4354b6b2e5a81de7d92e1246a58a34daa32ee872a96c297e1539e6edb1fd027f36479dca44c4ddb2174dcd563430a64d8c53ce000e36783c5ac5f0552d0316b1

  • SSDEEP

    12288:rNiBcvIecvhqSN1cPOp0VbFKmwDVZxHCe6Yvl7lYU7OyB8t/:rwBHsS7c2uT8ie5t7mUSyBM

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.fosna.net
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    u;4z3V.Iir1l

Targets

    • Target

      RFQ INVOICE.exe

    • Size

      1021KB

    • MD5

      4147beb9d82fe1e50926a066f0de135d

    • SHA1

      cba7492e1d0cb8b69d2f0fd2e6ea0d6c0f5bb402

    • SHA256

      5e4d6ab1885496e92177fa2fe0513caeaedae8a3ac488d99e10bf93cbbaeb91a

    • SHA512

      f3dc5bcd4d170da2b1c27d8db11f6b3cddc886ef505ddd630130d794ae5a186c2ed3a3388e37aa4b985f2acb028d284ce9a36145c3356d9003d00f9f2295c952

    • SSDEEP

      24576:8AHnh+eWsN3skA4RV1Hom2KXMmHafRBD7aUS2I5:bh+ZkldoPK8YafP/aF

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks