Overview

overview

10

Static

static

Operationa...df.exe

windows7_x64

9

Operationa...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Operational Instructions BSC BBC.pdf.exe

  • Size

    1.1MB

  • Sample

    210915-hzdm1adbbk

  • MD5

    636ca0dbbfd6a5c2915781a46d5db5e0

  • SHA1

    16a0e21f57cc447b8024999bbd67553c2ffb5e6e

  • SHA256

    79ff327848f9254764561866a5b26ed55aa24453aea69b1f42dbcad5ac140b00

  • SHA512

    fac6d0431ed20e56b7ae7d98342fe58bcc215bbccb5cd39c76585b95827c0216ce84e85c55e0055c16c8b901d6a6ceaf75780ea253daf3fd74f07d9840bbc086

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.boydsteamships.com
  • Port:
    587
  • Username:
    csanchez@boydsteamships.com
  • Password:
    co*tNjEBt4

Targets

    • Target

      Operational Instructions BSC BBC.pdf.exe

    • Size

      1.1MB

    • MD5

      636ca0dbbfd6a5c2915781a46d5db5e0

    • SHA1

      16a0e21f57cc447b8024999bbd67553c2ffb5e6e

    • SHA256

      79ff327848f9254764561866a5b26ed55aa24453aea69b1f42dbcad5ac140b00

    • SHA512

      fac6d0431ed20e56b7ae7d98342fe58bcc215bbccb5cd39c76585b95827c0216ce84e85c55e0055c16c8b901d6a6ceaf75780ea253daf3fd74f07d9840bbc086

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Nirsoft

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks