General

  • Target

    Int. Quote Inquiry Notice-Export req Bl+CI+Certificate of Origin.rar

  • Size

    641KB

  • Sample

    210810-xc9hx4z6f2

  • MD5

    c35ac496552bf4da794678950ecbd774

  • SHA1

    851a961a68dd0c473952540dec8510cd998a57b4

  • SHA256

    f7ddebd53af8400592e1e907a850057d082658f7635519a8af8e3cd3d3ea0ca7

  • SHA512

    fbf0392e9bdb4ac0b37ed40334323b0d97bc00c914f55eea3fafdb2f538272fe08b74befb0dc1c928c1f9d27b480791831d6161c173943c641d7f6078583749e

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.turkticaret.net
  • Port:
    587
  • Username:
    info@acakirvap.com
  • Password:
    Ackr.2410

Targets

    • Target

      Int. Quote Inquiry Notice-Export req Bl+CI+Certificate of Origin.exe

    • Size

      828KB

    • MD5

      7a3078f22e1ac3aaf5f8c44b2956f5c3

    • SHA1

      ea035e834a56c5ec504e46dd1f0653640b41609a

    • SHA256

      fcf2392e4f6cff50cca5aa9d3cfa76da02eabc86a698758f5bee49ec4ffe2620

    • SHA512

      3a1ce93713470427df72e6bb5311b170ced61f7af2293aaf190da3bb2fc37a5af3801cafb7ba1d19ff83e9ac38cb3cdb74e82a12fd6091fada10a55b300aed8f

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution
    Scheduled Task, T1053 (1)
  • Persistence
    Scheduled Task, T1053 (1)
  • Privilege Escalation
    Scheduled Task, T1053 (1)
  • Credential Access
    Credentials in Files, T1081 (3)
  • Discovery
    System Information Discovery, T1082 (1)
  • Collection
    Data from Local System, T1005 (3)

Tasks