General

  • Target

    5e1d957c1b1bdc29cacf803b647a9a7c6e8041725666aefa08856448ead65cfe

  • Size

    320KB

  • Sample

    220520-2s2k2aahhp

  • MD5

    74420898ddb40848569cc96e797ebcba

  • SHA1

    76bc6fe3074a6509125866f212518f3a86fb7ee5

  • SHA256

    5e1d957c1b1bdc29cacf803b647a9a7c6e8041725666aefa08856448ead65cfe

  • SHA512

    dbaf58c292dec614f9219e81805422995f3faaadbc839783c2cf6d9a7b663ace068349261a204f09e51e9e294c729728a67f68c7f7343c33af895cadcf33292e

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.pharco--corp.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    tHKfMRa2

Targets

    • Target

      Rina Molina CV.exe

    • Size

      381KB

    • MD5

      0d48cea7e57d061c16799f78758155a7

    • SHA1

      602c5a5bede289653b3dc2af17d387631c78af99

    • SHA256

      d9ee31e780e46884328d6ddd9655b69bc21b3799148560622c7b0f03067ff9c3

    • SHA512

      90942463d0ff896d1bc3bbd5dce92d3950fd6c6268379f07d2dd0b3c493a6ab422a17d9f31fcb6c948856febc092b5cb888db6e693234490ed14cb8ff64f4803

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks