Overview

overview

10

Static

static

Bank Swift...py.exe

windows7_x64

10

Bank Swift...py.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Bank Swift TT copy.rar

  • Size

    382KB

  • Sample

    211021-a1wafahfh4

  • MD5

    495108dd01c3c3bc994a8329dec74b92

  • SHA1

    1a37cd338f4f1edaa0a79df1a7f62154ac59fa2b

  • SHA256

    bf843cc6d19e090c64f7e69434e5ecdfb7a383ccca61866cd9f94f42ee83d2e9

  • SHA512

    3fc0af74c238784e425276ca4e4d521a137614c2cbaf8b9aea56b620cb60981be821f3ad63d34c75b5e2729ba7cca1dd7072248e7e57dfe231a3a26106f74f6f

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.dairysystems.co.ke
  • Port:
    587
  • Username:
    info@dairysystems.co.ke
  • Password:
    2019@systems

Targets

    • Target

      Bank Swift TT copy.exe

    • Size

      427KB

    • MD5

      5886e035a12b13f2715f29c7d640bcc7

    • SHA1

      cb7fc2abb0f53228fbd9b3a5ae122f4ac05a205a

    • SHA256

      6c1e992a6a4027f434e8b4834adbb06cd08b3a650b1fdf855d0cac0e3a0ea0b5

    • SHA512

      a5ada49df6d0b42bf2941c449da63ed58b46acdaf090a0d452f86725fb4bc3c4b9d7d512a50d969b0ec93f6478fd213472f9c422d4b10ad7c83df49aee72d6bc

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks