General

  • Target

    ASLOTSL2shipsParticulars.xlsx.exe

  • Size

    1.2MB

  • Sample

    241014-ezc5pasgpj

  • MD5

    70ae8521f1dde2e1a6d8fbc00b21b872

  • SHA1

    ef0ff1c10c927ba2f0263dc168f278d34cdb4b3e

  • SHA256

    998bcc52d5267ea736432ae3f72b24cdbb790b0e59cf99b810481141d0f92b46

  • SHA512

    aec6d5dd31e5f7ee3908f50ffa19ce4ab9b80c0ec2a1106ab1ea7e3b98aafc4631c1271d990980f9fb099f2d3a4f87c27a280be5a0857c886f9eab2355f67182

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLeaj5f6w0zb5ZSZFSSiVUFRiuUbYi:f3v+7/5QLeafG7bSiCFQNYi

Malware Config

Targets

    • Target

      ASLOTSL2shipsParticulars.xlsx.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks