General

  • Target

    00abddcc3b55414b6579772cd9f94efc5965ac8e632cfd3561ed9b4f13ab186f

  • Size

    400KB

  • Sample

    220520-2pvy3sagep

  • MD5

    6a0f89930eff2fea26b3c57b033f9182

  • SHA1

    630e4c1bd6ed7db3ab7460b213a258e3cd7b8bc6

  • SHA256

    00abddcc3b55414b6579772cd9f94efc5965ac8e632cfd3561ed9b4f13ab186f

  • SHA512

    03945234804a0028445b78709f5237a27e173178d4e8d6cac6abadccdb0845595cd9aff1c5bcc82b644d217c6ffa8d2109a056f2d75e10f7f66b3b09e95ff912

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.pharco--corp.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    tHKfMRa2

Targets

    • Target

      Documentos de envío originales.exe

    • Size

      444KB

    • MD5

      1d9114f765f11b4c354cefe6c2986693

    • SHA1

      b9e6ada77040913608f93e68486e5372879b504c

    • SHA256

      738555842fd28072fedac20f99de12a1f64724d834bfcc3be9c857ca81708660

    • SHA512

      b40053d19d7670ecad1cb2dab8305f400c9b20e7edd9fffd1aa5ab62c84eabb3369dd29a90fda7d7283210efe2df0b5d75fa4a6e85f1d2b6274f8c0084d55966

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and infostealer written in Visual Basic (.NET).

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses Microsoft Outlook profiles

      Reads Outlook profile data from the registry, which holds account settings and stored credentials.

    • Suspicious use of SetThreadContext

      Rewriting a thread context in another process is the hand-off step of process hollowing.
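The three "Reads ..." signatures, the Outlook profile access and the SetThreadContext hit together describe an infostealer's collection phase. As an added example (my code, not from the report or the sandbox), here is host-side detection logic over constructed EDR-style events. The event layout, the store-to-owner table and the two-category threshold are assumptions of the example; the file and registry paths are the standard locations of those credential stores.

```python
"""Host-side detection for the behaviours the report lists: credential-store
reads by a process that does not own the store, plus SetThreadContext aimed
at another process (the process-hollowing pattern).

Added example, not from the report. Events are constructed to stand in for
EDR/Sysmon-style telemetry as (pid, image, kind, target) tuples.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# Credential stores behind the report's signatures, each with the process
# that legitimately reads it. Patterns are case-insensitive regexes over
# the path tail so any user profile directory matches.
CRED_STORES: List[Tuple[str, str, str]] = [
    ("ftp_client",      r"\\filezilla\\(sitemanager|recentservers|filezilla)\.xml$", "filezilla.exe"),
    ("browser",         r"\\google\\chrome\\user data\\[^\\]+\\login data$",          "chrome.exe"),
    ("browser",         r"\\mozilla\\firefox\\profiles\\[^\\]+\\logins\.json$",       "firefox.exe"),
    ("email_client",    r"\\thunderbird\\profiles\\[^\\]+\\logins\.json$",            "thunderbird.exe"),
    ("outlook_profile", r"^hkcu\\software\\microsoft\\office\\[\d.]+\\outlook\\profiles", "outlook.exe"),
]

Event = Tuple[int, str, str, str]   # (pid, image, kind, target)


def classify_event(image: str, kind: str, target: str) -> Optional[str]:
    """Category of a file/registry read of a credential store by a process
    other than its owner, or None for anything else."""
    if kind not in ("FileRead", "RegRead"):
        return None
    for category, pattern, owner in CRED_STORES:
        if re.search(pattern, target, re.IGNORECASE):
            # The owning application reading its own store is normal activity.
            return None if image.lower() == owner else category
    return None


def score_processes(events: List[Event]) -> Dict[Tuple[int, str], Set[str]]:
    """Collect the distinct suspicious categories seen per (pid, image)."""
    hits: Dict[Tuple[int, str], Set[str]] = defaultdict(set)
    for pid, image, kind, target in events:
        if kind == "ApiCall" and target.startswith("SetThreadContext"):
            # Rewriting a thread context in *another* process is the step
            # process hollowing uses to point the hijacked thread at the
            # injected payload; doing it to your own thread is ordinary.
            m = re.search(r"target_pid=(\d+)", target)
            if m and int(m.group(1)) != pid:
                hits[(pid, image)].add("cross_process_setthreadcontext")
            continue
        category = classify_event(image, kind, target)
        if category:
            hits[(pid, image)].add(category)
    return dict(hits)


def verdicts(events: List[Event], threshold: int = 2) -> Dict[Tuple[int, str], List[str]]:
    """Processes that hit at least `threshold` distinct categories. One
    category alone (say, a backup agent reading Login Data) is noise; a
    process touching FTP, browser and mail stores in one run is a stealer."""
    return {proc: sorted(cats) for proc, cats in score_processes(events).items()
            if len(cats) >= threshold}


# Constructed events (not captured telemetry) mirroring the report's signatures.
STEALER = "Documentos de envío originales.exe"
SAMPLE_EVENTS: List[Event] = [
    (2200, "chrome.exe",    "FileRead", r"C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (3100, "filezilla.exe", "FileRead", r"C:\Users\ana\AppData\Roaming\FileZilla\sitemanager.xml"),
    (4120, STEALER, "FileRead", r"C:\Users\ana\AppData\Roaming\FileZilla\recentservers.xml"),
    (4120, STEALER, "FileRead", r"C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4120, STEALER, "RegRead",  r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    (4120, STEALER, "ApiCall",  "SetThreadContext target_pid=5200"),
    (4120, STEALER, "ApiCall",  "SetThreadContext target_pid=4120"),   # own thread: ignored
    (6000, "explorer.exe",  "FileRead", r"C:\Users\ana\Documents\notes.txt"),
]

if __name__ == "__main__":
    for (pid, image), cats in verdicts(SAMPLE_EVENTS).items():
        print(f"pid {pid} ({image}): {', '.join(cats)}")
```

The owner allowlist keys on the image name only, which a stealer can defeat by naming itself chrome.exe; in production key on the signed full image path (or the signer) instead, and keep the correlation across categories, since that is what separates a stealer from a single legitimate reader.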

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic             Technique               Matches  ID
Credential Access  Credentials in Files    3        T1081
Collection         Data from Local System  3        T1005
Collection         Email Collection        1        T1114

(T1081 is an ATT&CK v6 identifier; later versions fold it into T1552.001, Unsecured Credentials: Credentials In Files.)
