Overview

overview

10

Static

static

sales _pdf.exe

windows7_x64

10

sales _pdf.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c3c3f470611ca082a3c638b2f5f589c8459ce8abd9f2f8fbde6a7916f12bc2a1

  • Size

    350KB

  • Sample

    220520-2rh3asfha8

  • MD5

    b9fdafe4e725b79a0f8461161746daf8

  • SHA1

    8ebc75335de15fa989c7dabece111c8a23381e2b

  • SHA256

    c3c3f470611ca082a3c638b2f5f589c8459ce8abd9f2f8fbde6a7916f12bc2a1

  • SHA512

    f45656d9a8e29314116aa26227232bd66c57f73fdc2296d13749594377aa18351496972d833f78f5ec2bde172f73d0b76aef03c21f8a75dd75c32d54f30abde7

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.parshavayealborz.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    P@rshava123456

Targets

    • Target

      sales _pdf.exe

    • Size

      389KB

    • MD5

      4747f3b3a3564b5ea5c5ae0458e8cbdd

    • SHA1

      6fe111382094e485c5f4c94cee08326073326c9c

    • SHA256

      6fee5f036747f42839ee7df45c9f6480c9a5e7f3eddd546638f26858b2dc2276

    • SHA512

      99b7f8798c787a268f9b7e5facab12e4ac75bc0f60e38dde76a38338888340ad697d1e1fc7e8576364f026bfbdef27330b9324d079c7e3560b6443c123dabb1b

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Drops file in Drivers directory

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks