Overview

overview

10

Static

static

IfF08zoTKQNagy0.exe

windows7_x64

10

IfF08zoTKQNagy0.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Curriculum Vitae Milani.zip

  • Size

    627KB

  • Sample

    211019-vs3prsgca3

  • MD5

    d87031e3437b195bdd7ccb000758a7c8

  • SHA1

    1d198baf33f802025d7c10ac8a11836115201d0c

  • SHA256

    cc45c999c8c450e4e9d7d9e40e79551e491ebdf849e147ec40ee8941c7dd9a8c

  • SHA512

    2c90ae5c08c85e1323328d1a58e7745141fca8a2a80908a1797bb08a167d49f34c0bf54da11192d3ad679e65b0543643d0c5c1c27ffca52898f2ab05e963c6ae

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.aishaautornation.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    wOT@BBp9

Targets

    • Target

      IfF08zoTKQNagy0.exe

    • Size

      1.5MB

    • MD5

      3289887c78f204985e5c13dd8936a9db

    • SHA1

      dc66455dce4e80743545b3ea402e8e0f8c3ecc10

    • SHA256

      62c3cafccdb3fcf9eaabbb2c6802bbd3c9bdba93a5fbf0f1ac9061a0e8023016

    • SHA512

      642daaec4c3c42201ca391512c1c41a5b3ae9d142a664f7b2638179a59298b1b774796eced15d81057865bef4a4ff4e0712cc8975c2e53523fe7f25e6b1d32af

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks