General

  • Target

    dc6a5d1b3accb015fe2b6f91176c57c5

  • Size

    828KB

  • Sample

    210722-v6mpzrtr8e

  • MD5

    dc6a5d1b3accb015fe2b6f91176c57c5

  • SHA1

    4abcf45cb20f5f228ca0e93a375bfc1d6638ede1

  • SHA256

    60f621808e2a3de0ba3b655874bf321da0505b147dea66aa340c8a2a126f9e23

  • SHA512

    064ce83f4aa04721ee7626a5a1f9b2d3452f58988e31db54b697fbf86dc2eea455a045715f40471e8f4625f9fd488fe3b608607d5cd1d0d56b6dbdab11679f0e

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    bh-16.webhostbox.net
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    7213575aceACE@#$

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Drops file in Drivers directory

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks