agenttesla | 59689485a25486b6502e0d7d444229993c9f4a726fc5dbe01bc1f773d16dc7a3 | Triage

Submit
Reports

Overview

overview

Static

static

RFQ- WORKT...R0.exe

windows7_x64

1

RFQ- WORKT...R0.exe

windows10_x64

7

Sharing

General

Target

RFQ- WORKTOP -FINTD-RT-18-193-R0.zip
Size

96KB
Sample

211203-vfv46acac8
MD5

4463b79ebbd79b806ed3f5f094bfff83
SHA1

14b9915301b51d1a0f764add0b67250600b8ed2b
SHA256

59689485a25486b6502e0d7d444229993c9f4a726fc5dbe01bc1f773d16dc7a3
SHA512

ac4e807ffc464c205cc44b75bbffd0f3836dd44b7a34d6b14efd2032fa58045d4a704b754630fe6b15bfe3eea7a99b22a375f5ee7e50216da96a3050d9e68ba7

Score

10^/10

agenttesla collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

RFQ- WORKTOP -FINTD-RT-18-193-R0.exe

Resource

win7-en-20211104

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RFQ- WORKTOP -FINTD-RT-18-193-R0.exe

Resource

win10-en-20211014

collection spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.hybridgroupco.com
Port:
587
Username:
[email protected]
Password:
Money123@@@

Targets

- Target
  
  RFQ- WORKTOP -FINTD-RT-18-193-R0.exe
- Size
  
  215KB
- MD5
  
  057c210911045f8f4a62ff3cacc31829
- SHA1
  
  8f779ff6231c764901c16e688bc44aba69acb5f5
- SHA256
  
  e278e44869b4560ae8cab37e0d71ef79ede0f73a5b4176ce04db3c2818cec336
- SHA512
  
  f6c55d0440e3a8b6614ddf4b0ae218d01ae283c58fae6eaafb90be74b8edbc1bb685169a5139f21c638290b1241078237ec356ea472113c6e8889f092f1500ff
Score

7^/10

collection spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

collectionspywarestealer

© 2018-2024

Terms | Privacy