Overview

overview

10

Static

static

Curriculum Vitae.exe

windows7_x64

10

Curriculum Vitae.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Curriculum Vitae.zip

  • Size

    375KB

  • Sample

    211019-vlwymsgbh6

  • MD5

    f39ec69c004c02bb2a3fa9722c9b31dd

  • SHA1

    500495db7f2dd2dcbfd52b7a6452edda965195a3

  • SHA256

    f88ec019aae2911745ec7982ec4205624b91b72b8c243f0ff70b43931b7f2ee5

  • SHA512

    05b1133648c69ee585c4aa5bc0d5d4605b17a3de4ab9dc5a33f3d8c605c81b11c68eedbb943e4edae59b29d751d4830a8c68539516ee7114f82ae4eb5d2ef554

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.ofilsysterns.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    @o^M)K*1

Targets

    • Target

      Curriculum Vitae.exe

    • Size

      401KB

    • MD5

      e9a2e9f1ed8575797604981d5044e140

    • SHA1

      490c2170713f8aec885ae67f5e9dbce7dcba24a7

    • SHA256

      0283cabedfe0c400c64023384f84b80c7c289dd509f61b8aaded1d57ec61cab0

    • SHA512

      328a2e366c7d8b2bf01562b2a3917ce35e46ac720d07f62a3401a7b9251ce75c687b98083b995e3f22c08b2fc3697c653d85f98ef61656962fe142ca7caa3dd7

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks