General

  • Target

    Inquiry N TM24-10-09.xlam.xlsx

  • Size

    803KB

  • Sample

    241010-h8ypja1dje

  • MD5

    c4d3d1b1842e510619920b9492900250

  • SHA1

    25749eb1073ce81fd72314dda9efab61adb70b3f

  • SHA256

    f8fb6c4ac020b9b8116781833ad5f536979a2e21986601c55928a2bfcc3036ce

  • SHA512

    dd3c9e5590f43fa891142106169a90d2ec986f3db45a641d38c4af326ac7b600eb9442b4fca0b0fd3f096b547cce6162535bbc67d6fe534e1f7c3c44d4d72919

  • SSDEEP

    12288:5UDmtDq7MeSQA4rwbZswK/j+c61E/y7CEBbJlFE54zuvBBhvWHK0QbJXaw71DrGb:WDf4lYrwzKrV6S/yBruv/hHxbdD1Drub

Malware Config

Extracted

  • Family

    agenttesla

  • Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks