Overview

overview

10

Static

static

PRQ-12211222.exe

windows7_x64

10

PRQ-12211222.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PRQ-12211222.exe

  • Size

    377KB

  • Sample

    211026-p9x8qaheb2

  • MD5

    40746965ba5f2ee9b0095f20725c5d92

  • SHA1

    c62e4699be46425de7f1eaa3d58d9f8905c3f1b8

  • SHA256

    eb79e35ccebd02f6d8f990f16ba68fe3597aa0957fcd7321a11d23034c647cd9

  • SHA512

    d7fb7c4f96fe9e343ce2585a255325d2b24eb2ae9c42235be69cc20cb99653f44f0abadfaa7cf32510707d6268252cb97db1a413b97b9a3722b592a45ab8a989

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    box5363.bluehost.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Hajarbh@1993

Targets

    • Target

      PRQ-12211222.exe

    • Size

      377KB

    • MD5

      40746965ba5f2ee9b0095f20725c5d92

    • SHA1

      c62e4699be46425de7f1eaa3d58d9f8905c3f1b8

    • SHA256

      eb79e35ccebd02f6d8f990f16ba68fe3597aa0957fcd7321a11d23034c647cd9

    • SHA512

      d7fb7c4f96fe9e343ce2585a255325d2b24eb2ae9c42235be69cc20cb99653f44f0abadfaa7cf32510707d6268252cb97db1a413b97b9a3722b592a45ab8a989

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks