Overview

overview

10

Static

static

0c46c876f6...f5.exe

windows7_x64

10

0c46c876f6...f5.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0c46c876f6b444739b4f4cbf6fc9a2f5

  • Size

    683KB

  • Sample

    210727-vv2wskjjzx

  • MD5

    0c46c876f6b444739b4f4cbf6fc9a2f5

  • SHA1

    e241ae919b6554eb5c556a88ca2d7ca2eeb4ff98

  • SHA256

    1fce43899f8b6267ca55c5f4ad85a48a191f130d936dabeae013f5d626068ece

  • SHA512

    fc2b4820ceb210ca4d210209157468f6437564edf50b1341524d428efcf18ec9a5ac3064e4af443ed3d68786260bce56f130ca082c730ba4c5536956aa0eae45

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.privateemail.com
  • Port:
    587
  • Username:
    davide.montorro@arss-it.me
  • Password:
    HOPEFULYETLost@1989

Targets

    • Target

      0c46c876f6b444739b4f4cbf6fc9a2f5

    • Size

      683KB

    • MD5

      0c46c876f6b444739b4f4cbf6fc9a2f5

    • SHA1

      e241ae919b6554eb5c556a88ca2d7ca2eeb4ff98

    • SHA256

      1fce43899f8b6267ca55c5f4ad85a48a191f130d936dabeae013f5d626068ece

    • SHA512

      fc2b4820ceb210ca4d210209157468f6437564edf50b1341524d428efcf18ec9a5ac3064e4af443ed3d68786260bce56f130ca082c730ba4c5536956aa0eae45

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks