Overview

overview

10

Static

static

Purchase O...87.exe

windows7_x64

10

Purchase O...87.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Purchase Order_104387.ace

  • Size

    295KB

  • Sample

    211014-f5eq5sgcd3

  • MD5

    8511833870ec85c3e1c891d4506c4749

  • SHA1

    1bb2ac339ea17fd3883f710105e2a5d353815d47

  • SHA256

    46d767d8823f727ca63f945df7b4f195946718166d4269bc1994f558daa56ce9

  • SHA512

    7d89bf3db874bd362bb6cbbe16894503e2f22e33c04bfca8daef9b079309635bd5b2faf8dcf5dad4b130f673fba04cfff9f11ad21e402f9dd8334fd022df952a

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot2017480070:AAEhICR2Yy5NwasA-Cw1qaDJiUj6zxLU08M/sendDocument

Targets

    • Target

      Purchase Order_104387.exe

    • Size

      10.0MB

    • MD5

      74bd055b47476e3e151a937dcd4bd3dc

    • SHA1

      5704a5e3a967a004b30408ed86774cefe6e6de31

    • SHA256

      efaaf6c3c366861beab445a96d8d463d7e461506f86f153acd3e0ed0e635b2b7

    • SHA512

      981ce06d17ac108de7d7a997c2ca6697e9923968c3c20db81a2224093a5573bf0de48bd0d65db31f1481a22b73ca49ec2b6116acb19e7906f7780b60a5a6de44

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks