General

  • Target

    attachments-virus.zip

  • Size

    566KB

  • Sample

    211023-j29znacbg6

  • MD5

    eb31ed47e480118f81cd411e1b596e4c

  • SHA1

    1ee54e2ac07b815b7f0355332abc60d94a0fd4c8

  • SHA256

    eba198c71f047f143f329759df49f33fd0d28ec83018098996eef7285ce0c7bc

  • SHA512

    63a33ae27edcc97f6b42286b33d91e58498323aae0bacd464f9ef887e7b384e2d0c1b7a18dd8cb56c4a45e891590976ddc539243c1798e27cf5e706ee4a39ea8

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.alimentostolten.cl
  • Port:
    587
  • Username:
    mojo@alimentostolten.cl
  • Password:
    icui4cu2@@

Targets

    • Target

      Swift-pago.pdf.exe

    • Size

      38.0MB

    • MD5

      08a5400c20f882346a1f2b9e04cff8d2

    • SHA1

      2cadd3ff90433197824a547ece57da36435fb64b

    • SHA256

      33908ca6bf57c6bbb1375a3d58f4bd5c490451cfad130aaacd61e08020c94e00

    • SHA512

      73bbec6ba2c7127c9b65e99b16e202eedc38c0f1e9d8e6e497e211bfb45ced47e5d7db5e17205d92cc064651610d15a815449f036e01f0616b7e175ce5b1a612

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

    • Target

      Transferencia-Ci banco.pdf

    • Size

      1KB

    • MD5

      7193fc11039913b62e2252f801a276e8

    • SHA1

      4e4d3061469ac41fed98935fc7fa551dd4b235f9

    • SHA256

      0fa752460de8ed8c0005e24aac53b93ec9eeb8950757adb663bda78a76375a6b

    • SHA512

      187a8e3b80e20e5f991a95db656a8ac4448239fad45ae8e64affcf96f19f54210dba98ccb4dccaa8e33196e3f1d400845b668b242aa74dcb0afdf944cda65360

    Score
    1/10

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Modify Registry: 1 (T1112)

Credential Access

  • Credentials in Files: 2 (T1081)

Discovery

  • Query Registry: 1 (T1012)
  • System Information Discovery: 1 (T1082)

Collection

  • Data from Local System: 2 (T1005)
  • Email Collection: 1 (T1114)

Tasks