Overview

overview

10

Static

static

platby_.exe

windows7_x64

10

platby_.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    platby_.exe

  • Size

    24KB

  • Sample

    211021-ph16asacd4

  • MD5

    fc3e85a4c9f9f8a1c3b929dc6d28e943

  • SHA1

    21b6b3fdd0347c93cc0780bd48db33c9b71544bf

  • SHA256

    69958e42628bd4017cd0f1a8c1dfd6851b0257f02dea588d2d2f7c23a723b3da

  • SHA512

    5f1fe77fb00d7263b61050a009b715cbe9c9247f866783f594ec38f1903da049d7e4009e95d03eeff6e4ae172e734ebba79fb70eaa9945c7fb9377e4f712b998

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.fullmachinespa.cl
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    marcor2018

Targets

    • Target

      platby_.exe

    • Size

      24KB

    • MD5

      fc3e85a4c9f9f8a1c3b929dc6d28e943

    • SHA1

      21b6b3fdd0347c93cc0780bd48db33c9b71544bf

    • SHA256

      69958e42628bd4017cd0f1a8c1dfd6851b0257f02dea588d2d2f7c23a723b3da

    • SHA512

      5f1fe77fb00d7263b61050a009b715cbe9c9247f866783f594ec38f1903da049d7e4009e95d03eeff6e4ae172e734ebba79fb70eaa9945c7fb9377e4f712b998

    Score
    10/10
    agentteslakeyloggerspywarestealertrojancollection

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks