General

  • Target

    c534d029f5b4a04348e4d3fe940293b062b7f841f37bd088aeba2b24d65cd458.rar

  • Size

    501KB

  • Sample

    241129-ek9kcatqfx

  • MD5

    2b1e26764f81dd1851684baf2ce14d7e

  • SHA1

    182e835bbeed359bb07dd7cf9b29b3c73c6b9866

  • SHA256

    c534d029f5b4a04348e4d3fe940293b062b7f841f37bd088aeba2b24d65cd458

  • SHA512

    913caf80155351c650cc6b1f9b293b5fe54ad32a05b7f6687223792bba32c4fcadb8803c12345fc65d84eb16de2d598aaaf49ba2b621956e849357116f8ab643

  • SSDEEP

    12288:GJzeAbDykvq+4W8yPc/ZOPlfUCQgJ2kKX2xK:C5N4W+/ZgjRJ2kKX2xK

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.horeca-bucuresti.ro
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    H*TE9iL;x61m

Targets

    • Target

      Orden de compra.pdf______________________________________.exe

    • Size

      997KB

    • MD5

      a3d37ee0e82f58368c4c3bef2dde45a3

    • SHA1

      d49fd6fead6dd95008df3dc1fe667159de863a35

    • SHA256

      83f55d18f4fac1c019ee22eaf1d84a247f0631c271d7d52c49025488346438c3

    • SHA512

      9b14b8012ba942dbbddcaae2685ae75252276046bbe58028028aacb8a5cb53c528cf8e66cb3633f5c020db63b53a37f8cfbab3089b1d0582c7e9e3da9d5177bd

    • SSDEEP

      24576:6tb20pkaCqT5TBWgNQ7a9E3LDdpCQyIaI46A:nVg5tQ7a9E3fPNpO5

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks