General

  • Target

    ef2471abd3df40eb740829f5e77d1ed5b03084288b87ab381828345b0ca5bdbe

  • Size

    516KB

  • Sample

    220520-159lqsefg8

  • MD5

    8c238d7772472b739c4fcc16eee59b52

  • SHA1

    314a991d883843beb119112d581b0b8725f03520

  • SHA256

    ef2471abd3df40eb740829f5e77d1ed5b03084288b87ab381828345b0ca5bdbe

  • SHA512

    f1859935204ec0403c4fcfb74c191cf4738ca78499c08f57db16dd65eeaae3d05dbb867fcc1fae7933e45cb4e6ff9a9e0b85fd392b59700c4f272f19d5d8614d

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    opjis0123

Targets

    • Target

      PO-SER-PL-M17220.Pdf_____.exe

    • Size

      543KB

    • MD5

      0df52a14762922d0cda8cd8e5a26aa9f

    • SHA1

      de55f7ee3187086acbf4ce7969080847eae81b9f

    • SHA256

      40320b0e68eab85d1bedae171c4f0bbafd5bb19059038121247229c2186a66ec

    • SHA512

      30adce433eb9ec4402f4b3871ca6b1176028404667789969e5bfdabf3c71acf793a194a3f8963acfeb429afa9c0bd5f0a5b5e7e06609e1b6bd1a952da765fe82

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 3

  • Collection

    Data from Local System (T1005): 3

    Email Collection (T1114): 1

Tasks