Overview

overview

10

Static

static

Default

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO45678654345678654345.tar

  • Size

    29KB

  • Sample

    210131-m1f19a6wya

  • MD5

    28fa1175f19a3f449701972a99887931

  • SHA1

    cc3fba2b06e630b67234f0f3f4cf487c50bc83b7

  • SHA256

    f75e8a3cd55e7ee1620a9f6dbd9b3d7ab8a7d42f41fbffcf9c498c2ee3563f83

  • SHA512

    6b657674aab58f13fea4379f73699cca01ddbfee5a492b81e07b12c2092b910cf5f302a3a16d2bedca3923783813879c62a9755a2933456e57e50a3c76e8ef91

Score
10/10
agentteslavjw0rmkeyloggerspywarestealertrojanworm

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.privateemail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Work@123

Targets

    • Target

      PO45678654345678654345.js

    • Size

      27KB

    • MD5

      f1072676bdd2836b60e44fd7fc759017

    • SHA1

      1372ef6ced0d25dabbf6ed90343e3d3b4963fc5b

    • SHA256

      93a7862d0c562c8b82cc14702ab4e6ef44f23bc5a1489225dc65f0965ca34ab7

    • SHA512

      acfc154b9b1a9bcc2fe6ab2734c11743707bc622a68f92d92f9b3bea317e75ba024c33a8061d6cc478b8e245525ce4d84cb0bc9a3b1cb6f2afbc76a2a7041271

    Score
    10/10
    agentteslavjw0rmkeyloggerspywarestealertrojanworm

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Vjw0rm

      Vjw0rm is a remote access trojan written in JavaScript.

      trojanwormvjw0rm

    • AgentTesla Payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks