Overview

overview

10

Static

static

PAYMEN~0.SCR

windows7_x64

10

PAYMEN~0.SCR

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PAYMEN~0.SCR

  • Size

    92KB

  • Sample

    211019-ggwv7afce2

  • MD5

    fd8a66ce8c50c375cca9bd9b5408e173

  • SHA1

    ef344ca7340100a9cc1ec8049fcdaafad9b70422

  • SHA256

    1018aa0f641a722fc61ac3135050ab53f6562f6050b40c679d02b2f8b745960f

  • SHA512

    73b0c9e8f53b24eef223e4565cee232f94f4ee4df61836e734793cb534ae3a4cb8ef72b2febdb8fbefedb173f3a9ca5355bba9512d1825eea980652030456a4b

Score
10/10
agentteslaguloadercollectiondownloaderkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.tccinfaes.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    TccBps1427log

Targets

    • Target

      PAYMEN~0.SCR

    • Size

      92KB

    • MD5

      fd8a66ce8c50c375cca9bd9b5408e173

    • SHA1

      ef344ca7340100a9cc1ec8049fcdaafad9b70422

    • SHA256

      1018aa0f641a722fc61ac3135050ab53f6562f6050b40c679d02b2f8b745960f

    • SHA512

      73b0c9e8f53b24eef223e4565cee232f94f4ee4df61836e734793cb534ae3a4cb8ef72b2febdb8fbefedb173f3a9ca5355bba9512d1825eea980652030456a4b

    Score
    10/10
    agentteslaguloadercollectiondownloaderkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Guloader,Cloudeye

      A shellcode based downloader first seen in 2020.

      downloaderguloader

    • AgentTesla Payload

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks