Overview

overview

10

Static

static

JUSTF2.exe

windows7_x64

1

JUSTF2.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JUSTF2.tgz

  • Size

    649KB

  • Sample

    210126-h4p31jccce

  • MD5

    e59de04e8df70ed154b8f061d6805103

  • SHA1

    c666675ce3c180cf153330e509b52967651540f8

  • SHA256

    9f90191394c86e462f3996211403debe1cc0ffdc6de6e1700aa59f680641dc33

  • SHA512

    c9fb862a098d89997a7759bf1c069b6ea2742666b8622cc946cb1336e251db97f4be92ca934f4db7170ea202ab0cd38ffb46b36a7c147be065572a993831ba9e

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.ionos.es
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    9p9aB43$

Targets

    • Target

      JUSTF2.exe

    • Size

      945KB

    • MD5

      3e50f6b0bf3d56fb5c1492671ae36b8e

    • SHA1

      8a7dc01027a0672041c23f7886604d1525df9593

    • SHA256

      d4c807518c9226abaac16479700cc51566ef122be3fd1dce5480dd6329f8513b

    • SHA512

      c18533eb8800d64e7026e1f16740a45ee6f5b073a03dec859080a9d7241643da5fcdc72b448e4cea6d51f2f1b448f853b2c91dddf0b9db4e36bbe574376ebbec

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spyware

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks