Overview

overview

10

Static

static

5

INSTRUCTIO...oc.exe

windows7-x64

10

INSTRUCTIO...oc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    INSTRUCTIONSONTHEPROFORMAANDFINALDISBURSEMENTSACCOUNTS.pdfEUROSKY.doc.z

  • Size

    871KB

  • Sample

    241011-rjv2sawfpb

  • MD5

    215a6431aecf3cc22a038f401f55abfa

  • SHA1

    f047b28c02b300397e0a2b06eb8756318c8c3a73

  • SHA256

    8673877cbf80e52064e18bc6581636fb57541db45bcc84273a991b368dac8913

  • SHA512

    c38ea87ef1a5e5d77406d214b413f90e3280e46229d1b0257907721ddf0bea9a9585caccd705fb842dab802353e4c476005770d65afb227e2fcb91a46a1794f8

  • SSDEEP

    24576:wT38ilcb8fDo54iGZV1gzbj6TgT6gGB7vGCW/v:wrfcbYaOZQzb4lgGBCCW/v

Score
10/10
agenttesladiscoverykeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      INSTRUCTIONS ON THE PROFORMA AND FINAL DISBURSEMENTS ACCOUNTS.pdf, EUROSKY.doc.exe

    • Size

      1.2MB

    • MD5

      515fd5f36230667c7060e83a5dd79abe

    • SHA1

      35be32bbfbead2f6bbc48f9dcc7f675fba407676

    • SHA256

      7c8209053ff4705b39dcd23318174fc4407eabc5bdc40f4babfd876f8d049bc5

    • SHA512

      b92d710020eaf708d32f6576bb81e64bf9c69776eef6279963dd933bde47d6f014930f5d5f52437e9b7c7aed1fedfce7be433e454df6e1487fb7a50a20adab84

    • SSDEEP

      24576:FfmMv6Ckr7Mny5QiXx5j0HjXqiYCOvjF6PPt:F3v+7/5QiXx5j0Hj6iYCOLSt

    Score
    10/10
    agenttesladiscoverykeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks