Overview

overview

10

Static

static

7c997ad970...25.exe

windows7_x64

7

7c997ad970...25.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7c997ad970ecdce19a66d96d27b62c25

  • Size

    735KB

  • Sample

    211108-rb5agshdaq

  • MD5

    7c997ad970ecdce19a66d96d27b62c25

  • SHA1

    51c297be002de80a44afbebfb6bbd9fb40b8828e

  • SHA256

    e869d1cd3c3003c1d017c24aff43b4d4932d715f4a5e81e2d0ba8452e5ab2cfe

  • SHA512

    cdc0c909c8f5de52578c7442d66ac2978e8a4df56eac0148df94d507371ae1134a6670abaaf4167deb7bd864e1f348d7f0d1a66ce7396c0f99528a348b95d6ca

Score
10/10
agentteslaagilenetcollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    nnabuike2019@yandex.com
  • Password:
    Nnamdikanu

Targets

    • Target

      7c997ad970ecdce19a66d96d27b62c25

    • Size

      735KB

    • MD5

      7c997ad970ecdce19a66d96d27b62c25

    • SHA1

      51c297be002de80a44afbebfb6bbd9fb40b8828e

    • SHA256

      e869d1cd3c3003c1d017c24aff43b4d4932d715f4a5e81e2d0ba8452e5ab2cfe

    • SHA512

      cdc0c909c8f5de52578c7442d66ac2978e8a4df56eac0148df94d507371ae1134a6670abaaf4167deb7bd864e1f348d7f0d1a66ce7396c0f99528a348b95d6ca

    Score
    10/10
    agilenetagentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Executes dropped EXE

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks