Overview

overview

10

Static

static

MV YIN SHU...NG.exe

windows7_x64

10

MV YIN SHU...NG.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MV YIN SHUN - TONG LI SHIPPING.cab

  • Size

    299KB

  • Sample

    211019-ls9nmsgdfp

  • MD5

    5d912a8feaeed523be9b296eeaf62da3

  • SHA1

    d578d9dfc28c35892daa26392db771cf8bbf7b2c

  • SHA256

    ee405d429ccd704f6ce6273c42c9358d8da3dfb219b6939856755c9a6d4721b5

  • SHA512

    f4a86d0dc24687d044fd768b1541d0c45e64f506513b404cf1bcb60a95b57c0074a487d3acdb1da8923ff8afabe860b068b9bcef6f722ed660c86bead9b0c37a

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.penavico--cz.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Fq$L%J((!6

Targets

    • Target

      MV YIN SHUN - TONG LI SHIPPING.exe

    • Size

      770KB

    • MD5

      545eaa55c962df648708bb0bb01bcb28

    • SHA1

      39e0c699f9bd668dc65561aef01451deeb41b073

    • SHA256

      138e666baba119aed949d7064ded4f2ddafaa85e95b09bbd5c4ed7d2b77ac9ef

    • SHA512

      4892171284b009dc58a0ea5a781006e52c1dc729e924f386749336b9e56880ecdf6f67e43bee9c8f26b345cfcaab4b53305cd78f33a04d1b3d6016db4a2684cb

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks