General

  • Target

    3ffba2af0f6512e2708cd3118c2cdc6740c3241f4c996fe093830fb013e51d25

  • Size

    573KB

  • Sample

    220520-2j7qpafea3

  • MD5

    10f0fd06b18fd0a563e8deb558a28477

  • SHA1

    a21cbf3f1540d4324b17e41492ffa2ff553c4d6a

  • SHA256

    3ffba2af0f6512e2708cd3118c2cdc6740c3241f4c996fe093830fb013e51d25

  • SHA512

    79e457bb8eb16e957870f8469a065ba4358662c79eecb5e28beb9535071594eef7c4caba0dfa31196afd554a2ce774b032b439d2b2273b3689076914abcd5aaa

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: smtp.yandex.com
  • Port: 587
  • Username: [email protected]
  • Password: qwerty123@

Targets

    • Target

      HBL.XML.document5.exe

    • Size

      609KB

    • MD5

      0f8fa81d21ef22bb74d557f2bc775b88

    • SHA1

      970259ff5d86466bbd86cbcc2515d66d07541983

    • SHA256

      936f5e5e867ca1c182bfe0dde236ee7605131e3082371a3ce34d2c82c4428881

    • SHA512

      f1f6aacdc50217d529e932673d0368a45a79d90f10ea5201604e375d9a55b66e0db148c0516e82259b85d26f9eb75070e87f0cd02e6cbda7554f2e71532076f4

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files: T1081 (3)

  • Collection

    Data from Local System: T1005 (3)

    Email Collection: T1114 (1)

Tasks