Overview

overview

10

Static

static

10

92c492_e72...xt.ps1

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    92c492_e7293c57732f4f278d939202241e0b25.txt

  • Size

    759KB

  • Sample

    211021-ptdt5sbbdp

  • MD5

    b1a471709f6fb58395e9c81a44f94bd7

  • SHA1

    d086a38907fad7926fbb37a65a306e82ed2db6ca

  • SHA256

    e3405e4a0f13850e6ba7b4e924c7ba1e016fa4056059f3f6ea3afb2ff10364d4

  • SHA512

    f603e0ec4e4bd8b94016066e2467db74c4d069761617bb5e358bc0266b02c23e09a325223cb7f4355fe9691412900f9696ede6c2d2857e1be22dcaed468ce6fd

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

C2

http://103.125.190.248/j/p12m/mawa/30b1acecbda6c5d6ed4c.php

Targets

    • Target

      92c492_e7293c57732f4f278d939202241e0b25.txt

    • Size

      759KB

    • MD5

      b1a471709f6fb58395e9c81a44f94bd7

    • SHA1

      d086a38907fad7926fbb37a65a306e82ed2db6ca

    • SHA256

      e3405e4a0f13850e6ba7b4e924c7ba1e016fa4056059f3f6ea3afb2ff10364d4

    • SHA512

      f603e0ec4e4bd8b94016066e2467db74c4d069761617bb5e358bc0266b02c23e09a325223cb7f4355fe9691412900f9696ede6c2d2857e1be22dcaed468ce6fd

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Drops file in Drivers directory

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks