Overview

overview

10

Static

static

5

rDOC24INV0616.exe

windows7-x64

10

rDOC24INV0616.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    rDOC24INV0616.exe

  • Size

    1.0MB

  • Sample

    241216-l3yzwsvrg1

  • MD5

    27245367b5716caadd5ea798614ada6c

  • SHA1

    2911bbbee9b31885767710b8a146c2b67578f139

  • SHA256

    3b78171bc9f38f684826c2cd33953cd0023239cdd561637e1593f89dffea56fe

  • SHA512

    4b070802766c6673df0db4626971a227fe3429838a86d63b7655d4b4c794349f25f8ad019abb07cd30f8693ca34b1d3719997b1e9c36585df9c9e7e3242c58c9

  • SSDEEP

    24576:Du6J33O0c+JY5UZ+XC0kGso6FaI3F423lXTJwSfNmraWY:Nu0c++OCvkGs9FaI3X39HgY

Score
10/10
agenttesladiscoverykeyloggerspywarestealertrojan

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.alltoursegypt.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    OPldome23#12klein

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      rDOC24INV0616.exe

    • Size

      1.0MB

    • MD5

      27245367b5716caadd5ea798614ada6c

    • SHA1

      2911bbbee9b31885767710b8a146c2b67578f139

    • SHA256

      3b78171bc9f38f684826c2cd33953cd0023239cdd561637e1593f89dffea56fe

    • SHA512

      4b070802766c6673df0db4626971a227fe3429838a86d63b7655d4b4c794349f25f8ad019abb07cd30f8693ca34b1d3719997b1e9c36585df9c9e7e3242c58c9

    • SSDEEP

      24576:Du6J33O0c+JY5UZ+XC0kGso6FaI3F423lXTJwSfNmraWY:Nu0c++OCvkGs9FaI3X39HgY

    Score
    10/10
    agenttesladiscoverykeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Agenttesla family

      agenttesla

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks