General

  • Target

    d424ebac88ac6b91b12abda0c1c548c5e74b1241040509668732b3f1d4c2b2ef

  • Size

    273KB

  • Sample

    220520-18e7asaaar

  • MD5

    45674e014ca4d8250c3ee58212cf8adf

  • SHA1

    58672d432e9e1b2ad15d1a01e379492085c24edb

  • SHA256

    d424ebac88ac6b91b12abda0c1c548c5e74b1241040509668732b3f1d4c2b2ef

  • SHA512

    3f296b5b26c3611f55817909a8993a04bea97cab08d19ab41dcedd606cd58ce776b5d2c6b57cf9f84fddb2e4381ba53c4b9d7bab49421f53afe5bff5d3e861c2

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.arhigraf.ro
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    kH~2kU(;kEtR

Targets

    • Target

      YdvJnnnDX0FUKjI.exe

    • Size

      290KB

    • MD5

      1795c0e7a5c67752a3e13c5a0f6ce9af

    • SHA1

      509635b13636a2b0dc5308270fbabfdfa4e0a020

    • SHA256

      6fae5955bfeac6e762f65fabedb2be2fdcd385347e6b9db19825096ee2ebd9a1

    • SHA512

      ed7384717a3c6c63b53188b73a46c57058f4bd327c14fb11f23ae7e8c42cf7f63a7e0aef6914cc08301b4615d3f3d9d87c56037a37e4e57269e63703d53683d2

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar data.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Credential Access

  • Credentials in Files (T1081): 3

Collection

  • Data from Local System (T1005): 3
  • Email Collection (T1114): 1

Tasks