General

  • Target

    e66acb9e49f3a8116cd49e72bb3de3d059494f4ec23956e674fb7094d7321f9e

  • Size

    648KB

  • Sample

    240911-rcjp6sthql

  • MD5

    4e1a335586d3b075a9096cc698d771b9

  • SHA1

    2b111ad94e68dfbb6fa75b56d17e413b24fa5038

  • SHA256

    e66acb9e49f3a8116cd49e72bb3de3d059494f4ec23956e674fb7094d7321f9e

  • SHA512

    1adee1e69d87dddce82864b532732090d4da2e663cb5dd937083d96913bad2aa581d31ed3ad41449312c64ad8e4bb98541afbca41d8cafba04a18664bc36fa26

  • SSDEEP

    12288:6lKPYgNG5nvf+9eDJh32hmJ/OmUZ33QBbGOb1AAugSBB:6lKPYgN+nvOS26/OR9QBbGOb1AngSL

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1749457201:AAGWIY2QPzrHZIumAIUsWjyRAEWcJrauccY/sendDocument

Targets

    • Target

      Quotation_request_WZ_24.exe

    • Size

      1.1MB

    • MD5

      ecea73fa26da4f196457d02c6644bbc8

    • SHA1

      b555528fa1024c4ed0f32bd17278b82f7be9c45e

    • SHA256

      e0cc617ae8f5150690bd49436f8983fe753eb8cf41dc14624eae48ef75aac274

    • SHA512

      8a58ed595e0a323365a7693858b33bd17d304713e07c2b9a760e6c54430a93d758226497d7dd527466fa5614b3f8e10d76074fdf46d092949ee66d021157ea0f

    • SSDEEP

      24576:c4lavt0LkLL9IMixoEgeaSqW1bmstNyJHBq9MmCS:rkwkn9IMHeaSB1RtNkaPCS

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Drops file in Drivers directory

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks