General

  • Target

    Fatura 001.xlsx

  • Size

    1.9MB

  • Sample

    241001-gs1craybmf

  • MD5

    9273a696f6ef57cdda7670f5b8742a1a

  • SHA1

    68b3f8d1448d31d42f0efdb59313ee031bba0c7c

  • SHA256

    df4c4ff517e33b8a2cec86619652fa6cdb4ed7acd120a7e8866b673cb554b974

  • SHA512

    407ed0402d1940b5d7dfceb0bf45bf05814f54b091b1cfbc918bdf715b91a97e949bbad176bef553820a40885e9382633d5853ce2e31f130d74b3d6f470b2110

  • SSDEEP

    49152:c2Hqv0ubGHrUFG9Etdc+BEJiAOtSigHUZRsT:H3+GHrUA9Enc+CpUZRsT

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks