General

  • Target

    1169446616a4ee3924ccf9155964f6291d97645af930a92a82a9a87d3ccaf7c1

  • Size

    606KB

  • Sample

    220520-2nmw3sffe8

  • MD5

    7deb71ef9fbed393e2918b2af3586cf9

  • SHA1

    c2636b126e3bfecc9cc00ed52c862c924c594b15

  • SHA256

    1169446616a4ee3924ccf9155964f6291d97645af930a92a82a9a87d3ccaf7c1

  • SHA512

    3581b5dae3e85035cf004d7ac845bd731b31d3c233f47c2051fceb63477300eaba47a9329ab786101777fe214f98aeac3409de2dc97d8c10ccdf1d68846d5554

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.mehatinfo.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    V}muUc4yRa]R

Targets

    • Target

      RFQ.4414_122.exe

    • Size

      634KB

    • MD5

      d026d6d25bfd7f106f6acf63cdbece03

    • SHA1

      b2c3509de0049d6172b45a8639d27ea996f347e8

    • SHA256

      77682fb2cd5b31c9c8f45afa66b50e52f0f55e37a66bd6efe0ebdf10fb52b5e0

    • SHA512

      92cc03e52d269865d6cbdeb94fd55e7107de9e240622023ce6775533c14d5321a16d60ea4104394a23fbf45a212e91c1ff5664aba99f2945bb15d1ddc913e34a

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks