General

  • Target

    1cdf68d4da8c8620d40cf6692a2aa0e1b6b67952c3a506370573ca4925b97907

  • Size

    388KB

  • Sample

    220520-21dtyabcfr

  • MD5

    aee87f828f332937b0a1216e514ff59b

  • SHA1

    86a931c132009fd7b1a3bfdc1f6558129315565e

  • SHA256

    1cdf68d4da8c8620d40cf6692a2aa0e1b6b67952c3a506370573ca4925b97907

  • SHA512

    b3f700aa6f840cc1e6407f540a09cb74ce4cd85bebb121051dad13bf527bcbdbfcfdd7de79351c9059f60d1a30a0a6e54207bd3ac99c69e585c320a1e15f3f81

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.imacdeveracruz.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Nal02ti*

Targets

    • Target

      Transfer Invoice's .bat

    • Size

      429KB

    • MD5

      0fff5b73038ac38162236a9d1545a3d3

    • SHA1

      38bdb5b9f1098aaab60f77792eddf1acebd8b63d

    • SHA256

      e1edaeafb526cd694a3f293cf47ad4bdb832cc0c6d697a1f386d0f9b63dcd152

    • SHA512

      4751d9307abfde72cf49c20f87930d4edd904b48c6376ba052f119cdc52bcd51a4ac4aee99e84ee2809532bc539c0f56d1157d23e396c19fc03ff9ff50435ea2

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 3

  • Collection

    Data from Local System (T1005): 3

    Email Collection (T1114): 1
