General

  • Target

    PO2018975601.zip

  • Size

    361KB

  • Sample

    211201-jq1a3sagdr

  • MD5

    625cedc1575c8377027e3fe6d3ab3c27

  • SHA1

    1868383d770f88562e1f74bdf163041a08ad6ab8

  • SHA256

    fbd9accbd658afec40aece3cd8d1a6bcb83c442411e1938a380e55ba939e1065

  • SHA512

    299796ca8d474f0f1722c36fd352c01d8ea5fce1780eb486651041c38f37489596895f42ab08a49974a3870c501648cf535687e37628a3675ebaed8b50e9030c

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.modularelect.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    successman12@

Targets

    • Target

      PO2018975601.exe

    • Size

      482KB

    • MD5

      c2824b16cd452455bdc2170a28c1307c

    • SHA1

      ad49cd0bc221f164ec9abf86668986d1405b9e63

    • SHA256

      75258985f5c24ce6f71734acfaaffce29c0a3c7826b22fe25f1debf21180c8e1

    • SHA512

      100072707f4ba9f409015ebcc5010fd160ee6f5be300689c079c8035af7193bdd35ebe9a9c1786a519db9667c1f826816d45da3e8da6e158884230cfdd61df5e

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 3

  • Collection

    Data from Local System (T1005): 3

    Email Collection (T1114): 1

Tasks