General

  • Target

    51f4ae68fb2ec7b6f65fcc9d8282651cb443d826de4a94785cf7a58679ee0118.tar

  • Size

    48KB

  • Sample

    250115-c2fbqaxpgt

  • MD5

    a9bbf428234a322a21c9190b3257d662

  • SHA1

    328ad9da14441b3b47df4fb0cef407a04bf647ac

  • SHA256

    51f4ae68fb2ec7b6f65fcc9d8282651cb443d826de4a94785cf7a58679ee0118

  • SHA512

    9afd19e6d52e9d3ae6794752a683490628854aaa4db75fe1cda448e4c5f242c587683b845cef7597fe4ef6d5ab73d6936ca29b4bc75286c15335f38dacc83cda

  • SSDEEP

    768:3ReZ6LWN+ybM6EAKXbNgotkHxPe9rB5I308Cslw4BcriEs:3Re5dopgKkHxPGrB5Ik3T4iC

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Debit note -MSR_2024_0024- and Attachments.com

    • Size

      46KB

    • MD5

      58a83cbfbd24495d3427075426c7bb6c

    • SHA1

      3b3ef5d4ab2adc7824dd7ec26e8cc569f03e5189

    • SHA256

      cd9ee0f4a8ad57856d636dd1f2f34c2196804791bff45332d729203ce1459226

    • SHA512

      820b6b992167303c33e96dca7acbef26b80698b63ae5ff61cfe919fc34ba6e10460f5264e7e33a433aa8407c0a3f2b482618e1da19f7369a6b07d40cb41bb871

    • SSDEEP

      768:WZ6LWN+ybM6EAKXbNgotkHxPe9rB5I308Cslw4BcriEsO:W5dopgKkHxPGrB5Ik3T4iCO

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic (.NET).

    • Agenttesla family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain regions).

    • Drops startup file

    • Suspicious use of SetThreadContext
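The hashes above are the indicators a responder would carry to the next archive that arrives with the same lure. The following triage script is an added example, not output of the sandbox or code from the report: it walks a .tar, hashes each member with the four algorithms the report lists, matches the SHA-256 values against the two indicators on this page, and flags the lure pattern the payload name shows (a document-sounding name ending in an executable extension such as .com). The extension and keyword lists are assumptions chosen for the example, and the archive it builds for itself is constructed placeholder data, not the real sample, so only the name-based check fires on it.

```python
import hashlib
import io
import os
import tarfile

# SHA-256 indicators copied from the report: the submitted archive and the
# AgentTesla payload it contains.
IOC_SHA256 = {
    "51f4ae68fb2ec7b6f65fcc9d8282651cb443d826de4a94785cf7a58679ee0118":
        "submitted archive (51f4ae68...118.tar)",
    "cd9ee0f4a8ad57856d636dd1f2f34c2196804791bff45332d729203ce1459226":
        "AgentTesla payload (Debit note -MSR_2024_0024- and Attachments.com)",
}

# Extensions Windows executes directly even when the name reads like a
# business document. Both lists are assumptions made for this example.
EXEC_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta", ".lnk"}
LURE_WORDS = ("invoice", "debit", "note", "receipt", "attachment", "order", "payment", "remittance")


def hash_bytes(data: bytes) -> dict:
    """Return MD5/SHA-1/SHA-256/SHA-512 hex digests, the algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256", "sha512")}


def looks_like_masquerade(name: str) -> bool:
    """True when a document-sounding file name carries an executable extension."""
    stem, ext = os.path.splitext(os.path.basename(name).lower())
    return ext in EXEC_EXTS and any(word in stem for word in LURE_WORDS)


def scan_tar(tar_bytes: bytes, ioc_sha256: dict = IOC_SHA256) -> list:
    """Hash every regular file in the archive; return (name, sha256, reasons) per member.

    reasons is empty for members that neither match an IOC nor look like a lure.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for member in tf.getmembers():
            if not member.isfile():
                continue
            data = tf.extractfile(member).read()
            digests = hash_bytes(data)
            reasons = []
            if digests["sha256"] in ioc_sha256:
                reasons.append("sha256 matches IOC: " + ioc_sha256[digests["sha256"]])
            if looks_like_masquerade(member.name):
                reasons.append("executable extension on a document-like name")
            findings.append((member.name, digests["sha256"], reasons))
    return findings


def build_demo_tar() -> bytes:
    """Constructed, harmless archive for running the scanner offline.

    It reuses the report's lure file name, but the content is placeholder text,
    so only the name-based check fires; the SHA-256 IOC will not match.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, content in (
            ("Debit note -MSR_2024_0024- and Attachments.com", b"constructed placeholder, not the real payload\n"),
            ("readme.txt", b"benign text file\n"),
        ):
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tf.addfile(info, io.BytesIO(content))
    return buf.getvalue()


if __name__ == "__main__":
    for name, sha256, reasons in scan_tar(build_demo_tar()):
        print(f"{name}: {sha256[:16]}... {'; '.join(reasons) or 'no findings'}")
```

Against the real archive from the report, `scan_tar` would report both the SHA-256 match and the masquerade reason for the .com member; hashing inside the archive rather than after extraction keeps the payload off disk during triage.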

MITRE ATT&CK Enterprise v15

Tasks