Overview

overview

10

Static

static

1

COVID-19 E...cy.exe

windows7_x64

10

COVID-19 E...cy.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    COVID-19 Emergency.exe

  • Size

    610KB

  • Sample

    211026-t6kknshhf3

  • MD5

    ea4216e97a3007309295e8a7b769208b

  • SHA1

    bf86f6614965d6ebd5d2ea10d46780a86b225c44

  • SHA256

    7a4b1e5015937985613975df6c4f2046b0398c6e32ea10b780da1cce61ef3d44

  • SHA512

    3d13436cfd5ab6db58b017fb7ffa1bfc62cecf9c899a5d880233457f0ac9dd331c37eca300271cdf2ed0cfb6a7e437299861aee3c8635bc33812fbc8830804ff

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      COVID-19 Emergency.exe

    • Size

      610KB

    • MD5

      ea4216e97a3007309295e8a7b769208b

    • SHA1

      bf86f6614965d6ebd5d2ea10d46780a86b225c44

    • SHA256

      7a4b1e5015937985613975df6c4f2046b0398c6e32ea10b780da1cce61ef3d44

    • SHA512

      3d13436cfd5ab6db58b017fb7ffa1bfc62cecf9c899a5d880233457f0ac9dd331c37eca300271cdf2ed0cfb6a7e437299861aee3c8635bc33812fbc8830804ff

    Score
    10/10
    agentteslakeyloggerspywarestealertrojancollection

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks