Overview

overview

10

Static

static

Bank Swift...at.exe

windows7_x64

10

Bank Swift...at.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Bank Swift.PDF.bat

  • Size

    387KB

  • Sample

    211018-bpyf4adab5

  • MD5

    b6e43086a81e8b9249921daaac3fe3d0

  • SHA1

    98e5fa683de5275a953ab72518ec8e380affe461

  • SHA256

    ddad215db0b750c91aabd1b8032e038c53b67ab103b9c3ee52a7e4038c21ec32

  • SHA512

    1fc3dbbd78b9093abfd7457ab9959a21901a8c15e6abe6a658c7a5577f0d3acea7f5acbec53b679f56084aab65975cfb384ad60929b1ed09dcc9b9721690518b

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.dipiluminacion.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    icui4cu2@@

Targets

    • Target

      Bank Swift.PDF.bat

    • Size

      387KB

    • MD5

      b6e43086a81e8b9249921daaac3fe3d0

    • SHA1

      98e5fa683de5275a953ab72518ec8e380affe461

    • SHA256

      ddad215db0b750c91aabd1b8032e038c53b67ab103b9c3ee52a7e4038c21ec32

    • SHA512

      1fc3dbbd78b9093abfd7457ab9959a21901a8c15e6abe6a658c7a5577f0d3acea7f5acbec53b679f56084aab65975cfb384ad60929b1ed09dcc9b9721690518b

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks