General

  • Target: 13d1ef57e303471bab14832a27f74003a0a0f1051f390c69b53a2472d6223534
  • Size: 634KB
  • Sample: 250128-bj8pwasnck
  • MD5: ae64884e76333ee6dfba1e8a7e3a7fa0
  • SHA1: b2242ad184a05bcaed1e60bb1b5566da93fe1f91
  • SHA256: 13d1ef57e303471bab14832a27f74003a0a0f1051f390c69b53a2472d6223534
  • SHA512: c24f20852d0bff93af81526161940a6af4c8c389564b2bfd1877d32ad52feddfd9ef0574b623a9c2402280fec9e720c96cb5c7f4ae885808b79a89216864a88d
  • SSDEEP: 12288:/sNx+QKbK8kIyYCedTnjjCCUeXxl3UgfSxXaimHWZeTqm4Asf/j:/U+Q7KyXetyCUsfS9aT2AGmez

Malware Config

Targets

    • Target: Purchase order.exe
    • Size: 986KB
    • MD5: 9264f617827a682e6002378e6b61fd83
    • SHA1: 2e3c94f5df909457134b2297f67f8b766151ea92
    • SHA256: 02073441269355d1447b6dec157de4b6fe104d3aba666caf1cefac726abc5539
    • SHA512: a5a48b1e554861c5ad13fe5504ea04807fe485f79dab9e3a0b76a241f5ca08a7ff2b1b3dba8cbdb8f656975f9841592423bae30e66b9cdc34139f41ac4a494a3
    • SSDEEP: 24576:uRmJkcoQricOIQxiZY1iaCpUliXtZTgtdsnvBcD3:7JZoQrbTFZY1iaCpnkdIvBcb

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks