Overview

overview

10

Static

static

COMPROBA.BAT.exe

windows7_x64

10

COMPROBA.BAT.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    COMPROBA.BAT

  • Size

    735KB

  • Sample

    211022-ytyc8adabm

  • MD5

    82e1d03d8c42186ee9816ebbb7a71e78

  • SHA1

    a363c459629fca6487c6f2b8265ff2cbb016d628

  • SHA256

    5e1daf38670154cb7700b046673255609c6b7ff7e8c518e4186d86403d3ab713

  • SHA512

    5af977aabf13f1ee37dcbcdeab72b21e05300604557f937650ec48f1f6e104fdeede56f3ea7a52c30d7a60e8f31046c0ae6debaa5b2d173af8f1e1a7f88355fc

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.mudanzasdistintas.com.ar
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    icui4cu2@@

Targets

    • Target

      COMPROBA.BAT

    • Size

      735KB

    • MD5

      82e1d03d8c42186ee9816ebbb7a71e78

    • SHA1

      a363c459629fca6487c6f2b8265ff2cbb016d628

    • SHA256

      5e1daf38670154cb7700b046673255609c6b7ff7e8c518e4186d86403d3ab713

    • SHA512

      5af977aabf13f1ee37dcbcdeab72b21e05300604557f937650ec48f1f6e104fdeede56f3ea7a52c30d7a60e8f31046c0ae6debaa5b2d173af8f1e1a7f88355fc

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks