General

  • Target

    3ed8419c2605c725c052c010e4c14e3a7fe9834f1a6e7f6da61a7fa5367a8719

  • Size

    591KB

  • Sample

    241009-n87v4aycpe

  • MD5

    04b6dda81649adb49c327b48b771e083

  • SHA1

    d0eab49a959ca17788a115f5d7dc8e50bffa63b1

  • SHA256

    3ed8419c2605c725c052c010e4c14e3a7fe9834f1a6e7f6da61a7fa5367a8719

  • SHA512

    ecbc550b9890b16089ce393bd03f165ef52bb592af2f1a16d4bcd875437c146bb35b26f2eb3b3934fe027a85cae8ba23b395025ed50b90acfbb41539007d9e03

  • SSDEEP

    12288:EwRr4BIDqyDVteRcWUzfgdBAtIRgSO2PFpJGLSja85OCKp/pLcS:E04yDqC+J4rtIR9w8tMcS
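The hash block above is what you match a local file against before trusting that a report describes the sample in hand. The following script is an added example written for this page (the editor's own code, not part of the sandbox report or of any tool it names): it recomputes the four digests the report lists, checks the MZ/PE header that the "Downloads MZ/PE file" indicator refers to, and parses the SSDEEP strings so two fuzzy hashes can be checked for comparable block sizes before a similarity score is even attempted. The expected hash values are copied from the General section and the Targets section; the `constructed_pe_stub()` bytes are a constructed test input, not the sample.

```python
# Added example (editor's own code, not part of the sandbox report): check a file
# on disk against the hashes listed in the report and confirm it carries an MZ/PE header.
import hashlib
import struct

# Expected values copied from the General section (the 591KB target).
REPORT_HASHES = {
    "md5": "04b6dda81649adb49c327b48b771e083",
    "sha1": "d0eab49a959ca17788a115f5d7dc8e50bffa63b1",
    "sha256": "3ed8419c2605c725c052c010e4c14e3a7fe9834f1a6e7f6da61a7fa5367a8719",
    "sha512": "ecbc550b9890b16089ce393bd03f165ef52bb592af2f1a16d4bcd875437c146b"
              "b35b26f2eb3b3934fe027a85cae8ba23b395025ed50b90acfbb41539007d9e03",
}
# SSDEEP strings copied from the report: the 591KB target and the 660KB .xlam dropper.
SSDEEP_TARGET = "12288:EwRr4BIDqyDVteRcWUzfgdBAtIRgSO2PFpJGLSja85OCKp/pLcS:E04yDqC+J4rtIR9w8tMcS"
SSDEEP_XLAM = "12288:Wok4BI3UyDxjeRcWQ/HgtBAZINcIOIPHd9yBoju85QCIp/f1:44y3UK+JS1ZINjA8ni"

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def compute_hashes(data: bytes) -> dict:
    """Hex digests of the same four algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Per-algorithm match result; a single mismatch means this is not the reported sample."""
    actual = compute_hashes(data)
    return {alg: actual[alg] == value.lower() for alg, value in expected.items() if alg in actual}


def is_pe(data: bytes) -> bool:
    """True when the bytes start with an MZ DOS header whose e_lfanew points at the PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def parse_ssdeep(fuzzy: str) -> tuple:
    """Split 'blocksize:chunk:double_chunk' into its three parts."""
    blocksize, chunk, double_chunk = fuzzy.split(":", 2)
    return int(blocksize), chunk, double_chunk


def ssdeep_comparable(a: str, b: str) -> bool:
    """ssdeep only scores two hashes whose block sizes are equal or differ by a factor of two;
    anything else is 0 by construction, so check this before reading a score as 'unrelated'."""
    ba, bb = parse_ssdeep(a)[0], parse_ssdeep(b)[0]
    return ba == bb or ba == 2 * bb or bb == 2 * ba


def constructed_pe_stub() -> bytes:
    """Constructed test input: an MZ header with e_lfanew=0x40 followed by the PE signature.
    Not a real executable and not the sample."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\x00\x00" + b"\x00" * 20


def triage_file(path: str, expected: dict = REPORT_HASHES) -> dict:
    """Read a file and report its size, whether it is a PE, and hash agreement with the report."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"size": len(data), "is_pe": is_pe(data), "hashes": verify_hashes(data, expected)}


if __name__ == "__main__":
    import sys
    print(triage_file(sys.argv[1]))
```

Run it as `python triage.py <file>`; every entry under "hashes" must be True before the report's indicators are attributed to the file you hold. Both SSDEEP strings on this page share block size 12288, so they are comparable, but comparable is not the same as similar: the chunk strings share no long common run, and a real `ssdeep -d` comparison of the two artifacts would be needed before claiming any relationship.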

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      New Order #QAY3763.xlam

    • Size

      660KB

    • MD5

      3b65d19f4f8f6a78f0b81a76b4377466

    • SHA1

      96e39dfd3899d6c2c0525986bb98f62daf3bce47

    • SHA256

      ca94f672e0a78076b32e25a4acd186f60de0986dcebcd4d8bb61f3ceca33eb01

    • SHA512

      001096df097bd1929fd098812f4318282a121d6ce86ca6ff0ad072313cec79cbfe1fd634cad82fcedd0347631b61528c4a36c8801d74041cc68b719b4b48588d

    • SSDEEP

      12288:Wok4BI3UyDxjeRcWQ/HgtBAZINcIOIPHd9yBoju85QCIp/f1:44y3UK+JS1ZINjA8ni

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic .NET; it harvests credentials from browsers, mail and FTP clients, which is why the extracted config above carries a Credentials section.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      A compiled AutoIt script: the AutoIt interpreter bundled with the script into a single PE executable, a common wrapper used to stage the real payload.

    • Suspicious use of SetThreadContext
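"Suspicious use of SetThreadContext" is the sandbox's indicator for the API pattern that process hollowing produces: a new process created suspended, its memory overwritten, the primary thread's context redirected, then the thread resumed. The detection below is an added example written for this page (the editor's own code, not the sandbox's signature, whose exact rule is not stated here); it runs that sequence check over a constructed API trace in which the process name and handle values are placeholders, not data from the report. It also shows why a lone SetThreadContext call is not enough to fire: the second process in the trace calls Get/SetThreadContext without creating anything and is left alone.

```python
# Added example (editor's own code, not part of the sandbox report): flag the
# process-hollowing call sequence that typically underlies a "Suspicious use of
# SetThreadContext" indicator, run over a constructed API trace.
import re
from collections import defaultdict

# Constructed trace in the form "<pid> <api>(<name>=<value>, ...)". The executable
# path and handle values are placeholders, not values taken from the report.
TRACE = r'''
1234 CreateProcessW(lpApplicationName="C:\path\to\host.exe", dwCreationFlags=0x4)
1234 NtUnmapViewOfSection(ProcessHandle=0x1f4)
1234 VirtualAllocEx(hProcess=0x1f4, dwSize=0x9e000, flProtect=0x40)
1234 WriteProcessMemory(hProcess=0x1f4, lpBaseAddress=0x400000, nSize=0x400)
1234 SetThreadContext(hThread=0x1f8)
1234 ResumeThread(hThread=0x1f8)
5678 GetThreadContext(hThread=0x2a0)
5678 SetThreadContext(hThread=0x2a0)
'''

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit for CreateProcess*
LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)$")
ARG_RE = re.compile(r'(\w+)=("[^"]*"|0x[0-9a-fA-F]+|\d+)')

# The calls that must follow a suspended create, in this order, for a hit.
FOLLOW_UP = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


def parse_trace(text: str) -> list:
    """Turn trace lines into (pid, api, {arg: value}) tuples; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        args = {k: v.strip('"') for k, v in ARG_RE.findall(m["args"])}
        events.append((int(m["pid"]), m["api"], args))
    return events


def suspended_create(api: str, args: dict) -> bool:
    """CreateProcessA/W (or similar) with CREATE_SUSPENDED set."""
    flags = int(args.get("dwCreationFlags", "0"), 0)
    return api.startswith("CreateProcess") and bool(flags & CREATE_SUSPENDED)


def detect_hollowing(events: list) -> list:
    """Return pids whose call stream contains CreateProcess(CREATE_SUSPENDED) followed,
    in order, by WriteProcessMemory, SetThreadContext and ResumeThread. Intervening
    calls (NtUnmapViewOfSection, VirtualAllocEx) are allowed; a SetThreadContext
    with no preceding suspended create does not fire."""
    by_pid = defaultdict(list)
    for pid, api, args in events:
        by_pid[pid].append((api, args))
    hits = []
    for pid, calls in by_pid.items():
        stage = -1  # -1: no suspended create seen yet; 0..2: next index into FOLLOW_UP
        for api, args in calls:
            if stage < 0:
                if suspended_create(api, args):
                    stage = 0
            elif api == FOLLOW_UP[stage]:
                stage += 1
                if stage == len(FOLLOW_UP):
                    hits.append(pid)
                    break
    return hits


if __name__ == "__main__":
    print("hollowing suspected in pids:", detect_hollowing(parse_trace(TRACE)))
```

The ordering constraint is what keeps the rule usable: WriteProcessMemory and SetThreadContext each have benign callers (debuggers, some managed runtimes), but a suspended child whose memory is written and whose entry point is redirected before it ever runs is the hollowing shape regardless of which host binary was chosen.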

MITRE ATT&CK Enterprise v15

Tasks