Overview

overview

10

Static

static

AL JUNEIDI LIST.xlsx

windows7_x64

10

AL JUNEIDI LIST.xlsx

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AL JUNEIDI LIST.xlsx

  • Size

    2.4MB

  • Sample

    210408-67njjmapwe

  • MD5

    60540d14ce3fad98f702136cd2a4c28b

  • SHA1

    86da698cf83d97aae2c778d772998b61192a72e4

  • SHA256

    23747e944ff608bffb823f5282f7214e932dd24897aef0c7618c7b7741d61304

  • SHA512

    a1007f161432ca1d4c3b39fb920c6699e2ecc076d843bc35a01bd9345964b0fd853c046638a6aef461d6f6796642285a3f0628cc309e39f0ee0ee925b2529536

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    armyscheme3@yandex.com
  • Password:
    browse9ja

Targets

    • Target

      AL JUNEIDI LIST.xlsx

    • Size

      2.4MB

    • MD5

      60540d14ce3fad98f702136cd2a4c28b

    • SHA1

      86da698cf83d97aae2c778d772998b61192a72e4

    • SHA256

      23747e944ff608bffb823f5282f7214e932dd24897aef0c7618c7b7741d61304

    • SHA512

      a1007f161432ca1d4c3b39fb920c6699e2ecc076d843bc35a01bd9345964b0fd853c046638a6aef461d6f6796642285a3f0628cc309e39f0ee0ee925b2529536

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Exploitation for Client Execution

1
T1203

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks