Overview

overview

10

Static

static

10

revised invice.exe

windows7_x64

10

revised invice.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    revised invice.exe

  • Size

    549KB

  • Sample

    201109-fydjeny6g2

  • MD5

    fa4df694ec1e19c5ad3a142fb849a171

  • SHA1

    6e8379dc7a5fb7b7f67a4f31817c38dea632b89a

  • SHA256

    d0b87c89ca8f853d80565f7381435da6801641f2083e3011dcaefa278c402785

  • SHA512

    1eac1101e159009dcf73e87cfe61470b6d81b4a068e0d4eb501d03e048cec9de10127ea1c053141efa2807e1db4db20fd9e6fce709bb5bccf435a350fca2a38f

Score
10/10
agentteslasnakebotkeyloggersnakebotspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    theroyalsandskohrong.com
  • Port:
    587
  • Username:
    marine@theroyalsandskohrong.com
  • Password:
    Royal@2019

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    theroyalsandskohrong.com
  • Port:
    587
  • Username:
    marine@theroyalsandskohrong.com
  • Password:
    Royal@2019

Targets

    • Target

      revised invice.exe

    • Size

      549KB

    • MD5

      fa4df694ec1e19c5ad3a142fb849a171

    • SHA1

      6e8379dc7a5fb7b7f67a4f31817c38dea632b89a

    • SHA256

      d0b87c89ca8f853d80565f7381435da6801641f2083e3011dcaefa278c402785

    • SHA512

      1eac1101e159009dcf73e87cfe61470b6d81b4a068e0d4eb501d03e048cec9de10127ea1c053141efa2807e1db4db20fd9e6fce709bb5bccf435a350fca2a38f

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spyware

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks