General

  • Target

    MV. MANDARIN OSS MARITIME cpdd 09.02.2021.cab

  • Size

    365KB

  • Sample

    210421-kjehwcp6mn

  • MD5

    217904e2e8fb1432287ba412caeb2c35

  • SHA1

    a9ca16441820325bd48680f615fba139523764a8

  • SHA256

    80c069ca754151a5254a6b52dba853bb9cd9837ebd812f27e5e13a638bb82791

  • SHA512

    06402deb2e2a4c349b0f2d003755b273341a0a30a610d9590a278df172c97e13155e5154a3915f010f28b32baa9495659a9eb7d4ac775d63d67912cafa9f33f1

Malware Config

Extracted

  • Family:
    agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.hyshippingcn.com
  • Port:
    587
  • Username:
    plogs112@hyshippingcn.com
  • Password:
    e*u@qkS4
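The extracted config above is the sample's exfiltration channel: Agent Tesla sends harvested credentials and keystrokes as e-mail through the configured SMTP account, so the host, port and username are the indicators worth hunting for in egress and mail-relay logs (the mailbox is usually a legitimate account the operator compromised, so the domain owner should be notified rather than the domain simply blocked). The following Python is an added example, not part of the sandbox report: it sweeps log lines for connections to the configured host/port and for SMTP AUTH as the configured user. The log format and the sample lines are constructed for illustration (the 10.x/198.51.100.x/203.0.113.x addresses are RFC 1918/documentation ranges); only the host, port and username come from the report.

```python
"""IOC sweep for the AgentTesla SMTP exfil config extracted by the sandbox.

Added example (not part of the report). The log lines and their format are
CONSTRUCTED; the indicator values are taken from the report's Malware Config.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Indicators from the report's extracted config.
EXFIL_HOST = "smtp.hyshippingcn.com"
EXFIL_PORT = 587
EXFIL_USER = "plogs112@hyshippingcn.com"

# Constructed sample lines: an egress firewall log and a mail-relay auth log.
# Only the 10.1.4.23 workstation should be flagged.
SAMPLE_LOGS = """\
2021-04-21T10:02:11Z fw01 allow tcp 10.1.4.23:51522 -> 203.0.113.10:443 host=update.example.com
2021-04-21T10:02:15Z fw01 allow tcp 10.1.4.23:51530 -> 198.51.100.7:587 host=smtp.hyshippingcn.com
2021-04-21T10:02:16Z relay01 smtp auth user=plogs112@hyshippingcn.com from=10.1.4.23 result=ok
2021-04-21T10:03:40Z fw01 allow tcp 10.1.4.88:49211 -> 198.51.100.9:587 host=smtp.office365.com
"""

# Assumed (constructed) log formats; adapt the patterns to the real sources.
FW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<sensor>\S+) (?P<action>\w+) tcp "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+) host=(?P<host>\S+)$"
)
RELAY_RE = re.compile(
    r"^(?P<ts>\S+) (?P<sensor>\S+) smtp auth user=(?P<user>\S+) "
    r"from=(?P<src>[\d.]+) result=(?P<result>\w+)$"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str      # internal source address that touched the exfil channel
    reason: str


def match_line(line: str) -> Optional[Hit]:
    """Return a Hit if the line touches the exfil host/port or AUTHs as the exfil user."""
    m = FW_RE.match(line)
    if m:
        # Match on host AND port: port 587 alone is normal submission traffic.
        if m["host"].lower() == EXFIL_HOST and int(m["dport"]) == EXFIL_PORT:
            return Hit(m["ts"], m["src"], f"egress to {EXFIL_HOST}:{EXFIL_PORT}")
        return None
    m = RELAY_RE.match(line)
    if m and m["user"].lower() == EXFIL_USER:
        # Flag regardless of result: a failed AUTH still shows the infection.
        return Hit(m["ts"], m["src"], f"SMTP AUTH as {EXFIL_USER} ({m['result']})")
    return None


def find_hits(log_text: str) -> List[Hit]:
    """All indicator matches in a block of log text, in order."""
    return [h for h in (match_line(l) for l in log_text.splitlines()) if h]


def compromised_hosts(log_text: str) -> Set[str]:
    """Internal addresses that should be pulled for triage."""
    return {h.src for h in find_hits(log_text)}


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOGS):
        print(hit.ts, hit.src, hit.reason)
    print("hosts to triage:", sorted(compromised_hosts(SAMPLE_LOGS)))
```

The check keys on host plus port and on the username rather than on port 587 alone, because outbound submission to a legitimate mail provider (the smtp.office365.com line) is normal and would otherwise drown the signal. The password is deliberately not used as a search term: it belongs in the incident record, not in a detection rule.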

Targets

    • Target

      MV. MANDARIN OSS MARITIME cpdd 09.02.2021.exe

    • Size

      477KB

    • MD5

      0bbd4f88ffc0e2403dc677db55138705

    • SHA1

      96969cad9fb63258840273415b56524e7e0dd44e

    • SHA256

      4e03a6064d48718f91df9160b73f9a8cba2976bf516e6f97dc0ec1ddf2c05633

    • SHA512

      71972eb34f862212faf2c90da28526aa7af502e3b32453bc9b3c4fefb52ceb50823f4da4003003f3527f87d41bf357e8adf2c84d22b3394aeac1d078df620e15

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and information stealer, commonly written in Visual Basic .NET, that harvests credentials and keystrokes and exfiltrates them over SMTP, FTP or HTTP.

    • AgentTesla Payload

    • Nirsoft (NirSoft credential-recovery tooling detected)

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext (commonly used for process hollowing / code injection)

MITRE ATT&CK Matrix (ATT&CK v6)

  • Tactic:
    Discovery
  • Technique:
    System Information Discovery (T1082), 1 signature

Tasks