Overview

overview

10

Static

static

Term and C...ns.exe

windows7_x64

10

Term and C...ns.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    804661f3ee9687b482ad2bdf879f61254736c5bdb62493cc8ddfc927812a423c

  • Size

    351KB

  • Sample

    220520-2rnmsafhb5

  • MD5

    1ff81e38a4757320ab6c1b09dfe24e32

  • SHA1

    ae99d8fc6148ce939fceb8124566077476aa3b28

  • SHA256

    804661f3ee9687b482ad2bdf879f61254736c5bdb62493cc8ddfc927812a423c

  • SHA512

    44a4dfeca12cf44df5bcbdfa49fb714969791c72082a2f1fef8601509d9284119af895040a1e40ced3aea833e9a21883c3ec96f89a1755c67f890af936180a58

Score
10/10
agentteslacollectionkeyloggerpersistencespywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.saamaygroup.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    pawan100

Targets

    • Target

      Term and Conditions.exe

    • Size

      389KB

    • MD5

      25c25e8a6169d9debe8d2d98a8264b84

    • SHA1

      7894e65a0ff81a059d6b72def4fc6a3563ed9560

    • SHA256

      4e6f8dbaac0d3d8f52ed89bbd3a295661640c929394ae12adb0248638eaf02d8

    • SHA512

      9b4025838ff70c094687617d48e8858d761932734ae7e2b2a3b1dddc0019fad05f26000333f05fbd8271bf59f641ae37f34109efa6cc0d864334db6fdb89c726

    Score
    10/10
    agentteslacollectionkeyloggerpersistencespywarestealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks