Overview

overview

10

Static

static

3a4fc42fdb...7a.exe

windows7_x64

10

3a4fc42fdb...7a.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6647473163108352.zip

  • Size

    732KB

  • Sample

    211231-mfe4yafcfj

  • MD5

    edc795bfc47de956665640fbac377a31

  • SHA1

    489c96bc473ae2fa47a71a0231319a0cda538339

  • SHA256

    c1b1647d0139cec7502ac097db85343e037559ed0afacab08f50a29e0adadfe1

  • SHA512

    f5e02aab1643c7f1d06a2ac05ad8d9afe7e6706827cff6f0e953fd79a970a78ac966a4b142ea4a1904a1450024f4350063ee2239c5a954173689bebc27ad2e3b

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot2049439171:AAHTF-OzMCy9i3S0b0hmaVc_mUsY0h6Ue_w/sendDocument

Targets

    • Target

      3a4fc42fdb5a73034c00e4d709dad5641ca8ec64c0684fa5ce5138551dd3f47a

    • Size

      300.0MB

    • MD5

      02991d493aedc4e3b544cf5b9ee57499

    • SHA1

      1de6c330b46ac1de2ec149cdc5c3c4f3da979863

    • SHA256

      3a4fc42fdb5a73034c00e4d709dad5641ca8ec64c0684fa5ce5138551dd3f47a

    • SHA512

      78ba8d96f2c2a91e951980abff59b256ab5e4297bbc12ca9f6a9fcc54036391b177907d74061459a44d2527c92bb47f8ef13a69ef8500fd303dfc41a1c89300d

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks