General

  • Target

    5e60245754303149a37219624e2dfc64fa4dc2028fbd98fce1bb0957d03c60d9

  • Size

    502KB

  • Sample

    220520-2gyp1afch2

  • MD5

    af722a4304fa4666d1519e0dd6e9905c

  • SHA1

    d4dd20eae3de7ec0ceb7ba40a991f4e29758b727

  • SHA256

    5e60245754303149a37219624e2dfc64fa4dc2028fbd98fce1bb0957d03c60d9

  • SHA512

    85d0a9c9053bdd3a8a662d3025d136136231b0857a7f31a5edb9c81756e42e1c4f66351185f45a02f85b784a3b28b4f1986d02d7271d060f132b69a9b65ebf75

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.pkstyles.pk
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    u@Lu)8oz~9+9

Targets

    • Target

      Ticari Hesap Özetiniz.exe

    • Size

      535KB

    • MD5

      c9d8a2ac249ab76e1e808e7956ff7354

    • SHA1

      ed7055fb28fac28fc2f6a8bd315a5d26f9106b54

    • SHA256

      43b9043095de14d30537478501d00056ff457e325588282279826e42bb01810d

    • SHA512

      bd25d0c2d986eb4c34f2b05eba5b0a00443d00901e3e1cb153469485a28a882860c87262e4c0aa6eff4ab33d590fca43a29dfbca8d98c5e8640058726b0be40d

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 3

  • Collection

    Data from Local System (T1005): 3

    Email Collection (T1114): 1
