Overview

overview

10

Static

static

ADNOC DOCUMENTS.exe

windows7_x64

10

ADNOC DOCUMENTS.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ADNOC DOCUMENTS.rar

  • Size

    465KB

  • Sample

    211019-jvqmfafdd3

  • MD5

    37103341ec5b5776f9181b711c398c65

  • SHA1

    0fe6c0cd7d4a00d87ee6b52b3cf9323ec79ced74

  • SHA256

    741b738edb136abc66219d1ad8a4cbdbcc97f99d6ad85539a4881c39a0d62702

  • SHA512

    e6b680ffeb3111334ca234d928bd9ebb392c3a35f305f94134b52d52b4d9cb859b6f9027e0a30606aa47cbe428d7b33a087eaf8cc4f07b81b81f6e9830e6f607

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    !xgapua3

Targets

    • Target

      ADNOC DOCUMENTS.exe

    • Size

      694KB

    • MD5

      cb84e6082cec4afda05807eb8c5d62e9

    • SHA1

      ca66b1a86f68e660c428aa46ca6d00c226e72503

    • SHA256

      a965a0da37d19d72e2a468560846917d1e69d396f6622c77103a1c25b26c1100

    • SHA512

      2a21d2b4d4a8652806a3d90b183a9a7d41740904314543e74a50765be80fc67ff2804349a454c99b347d0552cf1556195c9bb42ec47baade3e41741eaff922c4

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks