General

  • Target

    b192313acfccf7a8f6ad03b0f951e7eb9c071ec9ea7b0a6679965d59786b81e9

  • Size

    307KB

  • Sample

    220520-2aw8lafac2

  • MD5

    03f300f35c6474cfa9ced3bbf226caef

  • SHA1

    eed9b7af3c26e90b82e786bb72a2f0bcd6b6180a

  • SHA256

    b192313acfccf7a8f6ad03b0f951e7eb9c071ec9ea7b0a6679965d59786b81e9

  • SHA512

    890dbebfb0c87c0ae0060429627c90436170c4df9934e9f016d53a23c51e83e9371d19b47803cf29cdd4859680f1c34ca3864c38b5bfcbe9f2681816a3e2543d

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    privateemail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    @damienzy.xyz2240

Targets

    • Target

      SOA- Feb2020 to Jun2020.exe

    • Size

      324KB

    • MD5

      c77edf13eafc541ba8bfdfebf7e5aa9b

    • SHA1

      4ceb14f6732f5f6a530623941e83ae1a49379cd6

    • SHA256

      9aa09beb9797b5ae4b2f80937442a013a32e78cfa8b59838cf364a53d65f71bc

    • SHA512

      ca6d3ab46bee1b43e829f0257921baf61681092644a908bab1840ce64de18a6343fce600611794dc802c448ef6365775f76a69a50050c50d2d0809762d3dcdcd

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks