General

  • Target

    3ad1535e19ff916e62db8a6c626d30bc.zip

  • Size

    329KB

  • Sample

    211026-b58a8shfcm

  • MD5

    910bd25589f81889030be4ff48e38386

  • SHA1

    9f9d316cf4200ae5da54ba3575220f1e4f22fc68

  • SHA256

    0889a31ccb04881590676e8ceed902d4d1b0c7006f3c478febd4d16931bca99e

  • SHA512

    4f662e1021875dc6fea7f41f966332b6b0f67c9a85448c3e29763d094c92f8de521248f83854c8d0db5a5f0f553decb98025485ddb26760f584a727028645870

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot1900836728:AAEDyoYbBJwtt1EA4hdgRlGTN1cq760KPNU/sendDocument

Targets

    • Target

      Ref. # IRQ-21-007783.exe

    • Size

      461KB

    • MD5

      c8e1f5d76a8f5131e5347c76e9ec2bdf

    • SHA1

      fcd565e0c15debaba5186e2832beff76b83b6301

    • SHA256

      29b1033a886b90d092ec14041729bca1d00a4da73457ad62bebd03251343fefb

    • SHA512

      7f8298c3e626a54470b4823b6898008b30d095e25be0d5a9530162a866ebe7ee696999e3a22d41d90271a0c20039d70e9c77623b0a72de640fc0b062d2edcf54

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
