Overview

overview

10

Static

static

1

DOCUMENT N... 5.exe

windows7_x64

10

DOCUMENT N... 5.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DOCUMENT No. 4 & 5.rar

  • Size

    412KB

  • Sample

    211203-snfy4abhd2

  • MD5

    e07533a3fe467c5c69b60eb6deeb6cc3

  • SHA1

    ef2babfc7b5f1c41ca8572da93427e275a4cf378

  • SHA256

    b141faddbcb0caebf4aee4b27128609d2a254719da84371a64867bb3ef27be3a

  • SHA512

    c59dc9be19e6da5c59d3665e33b4ad6806293b04e139cf1cee128cbf7b4b820fdacd7a758864121b18b3756fc4b998a3ddb6f5b69ea6253a7fb3e97a9581defd

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.scahe.co.in
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    scaheavy@12345

Targets

    • Target

      DOCUMENT No. 4 & 5.exe

    • Size

      543KB

    • MD5

      83600f4b738720bfdd0f0a65d3398a79

    • SHA1

      ac1e74674eee3c0249c9bedfe041c90bd83327f5

    • SHA256

      c5f0b11cba973a4b098ef858ae755ef0e6353296ae998503eafb3a67fa21d1c0

    • SHA512

      35e767959b6deb51323414f1875aac16d1b68d79c87eb834fd0bfd6ca4d5165d35dbc7b6dab2b57cff1d70fde0fd6d6fb9878983b95cd21961378b2a5511502e

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Drops file in Drivers directory

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks