Overview

overview

10

Static

static

Cotización.exe

windows7_x64

10

Cotización.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6a0fcb5d8f6af7187988ecf60ab501cd9f3f4adf6120b73dc5bb6c79762d440d

  • Size

    487KB

  • Sample

    220520-29l7nsgdh9

  • MD5

    898700e979049df00303aa2a73745afb

  • SHA1

    1f625b226058c5e416255a86937ebf40c2e27eaf

  • SHA256

    6a0fcb5d8f6af7187988ecf60ab501cd9f3f4adf6120b73dc5bb6c79762d440d

  • SHA512

    bedcf1efbd0739fd67262cd8371d1e130948cd02c3d8ca6f388953092f231096bf509569bee9a5c22f82e49d765c0c81ad5b28926a2bea0763e9d50d354eb053

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    westernpremierplus

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    westernpremierplus

Targets

    • Target

      Cotización.exe

    • Size

      633KB

    • MD5

      db9bd8b19c0dfa9f3dbcf6c1eb2db758

    • SHA1

      402271c81c2206ce62eb6a9a84468df7cf23c657

    • SHA256

      c5411f20ee7c363ca543f00f10c8504da8d0cd87221333deb952bc3ee8f7a29b

    • SHA512

      37b4b718da4d38236d0a169f9331ff821915e663c67c003abab0df14e691c047080deece2e3b31be75ceb355b90d7ae91a14ab3214145bde62f7e77272304e94

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks