Overview

overview

10

Static

static

payment copy.exe

windows7_x64

10

payment copy.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    payment copy.r15

  • Size

    388KB

  • Sample

    211020-n6xmcahab7

  • MD5

    3204c3b1d07e3d5069f5915bb78ec279

  • SHA1

    de5f20a2bdeafffed850c277f410273e1ab3e118

  • SHA256

    3324a5f1e1a6e7b515ffc6eacd6fe52fbdb1fc0fb489a7136d9e28af154e32a2

  • SHA512

    4febc0d4b71fdf088d1ccee8cc906be0ba19a02b246807473fb3a76d82c87a1fb861f027669b37ea36fcdbed6f166f6a7f771519acf3de78476a5ba609ceaf85

Score
10/10
agentteslacollectionkeyloggerpersistencespywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    sg2plcpnl0023.prod.sin2.secureserver.net
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    User@40378

Targets

    • Target

      payment copy.exe

    • Size

      433KB

    • MD5

      52e5279607c6ee625b8d01bdef0771ba

    • SHA1

      f136b9d2629bc255fcc36537f7ff1032ed05f3ab

    • SHA256

      ae847091d872af53d8c8f3e9d590a6ddfd24d979bd336c8a8fd4cccd5de20db0

    • SHA512

      00771c173de6a7d9ce07e9163928e8c9adad2cfd9f170f0f62529e4d98409a34d057b223bf2712081e4da95e90a02491d4a836f44d4d43efbab15d46e3606d85

    Score
    10/10
    agentteslacollectionkeyloggerpersistencespywarestealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks