General

  • Target

    142c7662a8e414946b59d2c1089784bd533d50b3542d212a09e821f5cb106b1d

  • Size

    345KB

  • Sample

    220520-2tlk7sgab7

  • MD5

    65f990d0d2179aa58724d4138d066f84

  • SHA1

    0b8d055819d2466166536be69aeb02c59edc6591

  • SHA256

    142c7662a8e414946b59d2c1089784bd533d50b3542d212a09e821f5cb106b1d

  • SHA512

    e9024f4e38055dc05d15c853e09ebd0320f39e227e78d51cc97e71a390054aa1ca05cf7b6dae99df5df5a67beae992d48423c4fdde66036b539ad17bbe59f2d5

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.gascuenca.es
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    gasW204@Z7
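The extracted config identifies the exfiltration channel: SMTP submission to mail.gascuenca.es on port 587 with the credentials above. What follows is an added example, not part of the sandbox report, showing how to confirm that channel from a network capture. AgentTesla authenticates with AUTH LOGIN (or AUTH PLAIN), and those credentials cross the wire base64-encoded rather than encrypted unless the client negotiates STARTTLS first, so the client side of the session can be decoded and matched against the extracted host, port and password. The transcript, the victim hostname and the mailbox stealer@example.invalid are constructed placeholders; the real username is obfuscated on the page, so the match is keyed on host, port and password only.

```python
"""Match a captured SMTP session against the AgentTesla config extracted above.

Added example, not code from the sandbox report.  AgentTesla mails stolen data
out with AUTH LOGIN; the username and password cross the wire base64-encoded,
not encrypted, unless the client negotiates STARTTLS first.  Decoding that
exchange from a client-side capture confirms the exfiltration channel.
"""
from __future__ import annotations

import base64
import binascii
from dataclasses import dataclass, field

# Indicators from the report's extracted config.  The username is obfuscated
# on the page, so matching is keyed on host, port and password only.
IOC = {"host": "mail.gascuenca.es", "port": 587, "password": "gasW204@Z7"}


@dataclass
class SmtpSession:
    dst_host: str
    dst_port: int
    starttls: bool = False
    username: str | None = None
    password: str | None = None
    mail_from: str | None = None
    rcpt_to: list[str] = field(default_factory=list)


def _b64(text: str) -> str:
    """Decode one base64 token; return '' rather than raise on junk."""
    try:
        return base64.b64decode(text.strip(), validate=True).decode("utf-8", "replace")
    except (ValueError, binascii.Error):
        return ""


def parse_session(dst_host: str, dst_port: int, client_lines: list[str]) -> SmtpSession:
    """client_lines: the client->server commands of one TCP session, in order."""
    s = SmtpSession(dst_host, dst_port)
    it = iter(client_lines)
    for raw in it:
        cmd = raw.strip()
        up = cmd.upper()
        if up == "STARTTLS":
            s.starttls = True
            break  # everything after this is inside TLS; nothing more to read
        if up.startswith("AUTH LOGIN"):
            parts = cmd.split()
            # RFC 4954 allows the username as an initial response on the AUTH
            # line; otherwise it is sent on the next line, then the password.
            user_b64 = parts[2] if len(parts) > 2 else next(it, "")
            s.username = _b64(user_b64)
            s.password = _b64(next(it, ""))
        elif up.startswith("AUTH PLAIN"):
            parts = cmd.split()
            blob = _b64(parts[2] if len(parts) > 2 else next(it, ""))
            fields = blob.split("\0")  # authzid \0 authcid \0 password
            if len(fields) == 3:
                s.username, s.password = fields[1], fields[2]
        elif up.startswith("MAIL FROM:"):
            s.mail_from = cmd[10:].strip().strip("<>")
        elif up.startswith("RCPT TO:"):
            s.rcpt_to.append(cmd[8:].strip().strip("<>"))
    return s


def matches_ioc(s: SmtpSession) -> list[str]:
    """Reasons the session matches the extracted config (empty list = no match)."""
    reasons = []
    host_match = s.dst_host.lower() == IOC["host"] and s.dst_port == IOC["port"]
    if host_match:
        reasons.append("destination is the extracted SMTP host:port")
    if s.password == IOC["password"]:
        reasons.append("decoded AUTH password equals the extracted password")
    elif host_match and s.starttls and s.password is None:
        reasons.append("STARTTLS before AUTH: credential not visible, host match only")
    return reasons


# Constructed client-side transcripts (no server replies); the hostname and the
# mailbox stealer@example.invalid are placeholders, not values from the report.
SAMPLE_LOGIN = [
    "EHLO DESKTOP-VICTIM",
    "AUTH LOGIN",
    base64.b64encode(b"stealer@example.invalid").decode(),
    base64.b64encode(b"gasW204@Z7").decode(),
    "MAIL FROM:<stealer@example.invalid>",
    "RCPT TO:<stealer@example.invalid>",
    "DATA",
]
SAMPLE_PLAIN = [
    "EHLO DESKTOP-VICTIM",
    "AUTH PLAIN " + base64.b64encode(b"\0stealer@example.invalid\0gasW204@Z7").decode(),
    "QUIT",
]
SAMPLE_TLS = ["EHLO DESKTOP-VICTIM", "STARTTLS"]

if __name__ == "__main__":
    sess = parse_session("mail.gascuenca.es", 587, SAMPLE_LOGIN)
    print(sess.username, sess.password, sess.rcpt_to)
    for reason in matches_ioc(sess):
        print("MATCH:", reason)
```

The STARTTLS branch matters in practice: if the stealer negotiates TLS before authenticating, the credential never appears in the capture and the only network-level indicator left is the destination host and port, so block the submission host at the egress and hunt on DNS for the name rather than waiting for the password to show up.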

Targets

    • Target

      jGlmyLDJOXpTOzi.exe

    • Size

      410KB

    • MD5

      9d07adda564bd7c533b801553068c633

    • SHA1

      559cdeb9bba4aff90d964bc91f7e3a0fcf6ec392

    • SHA256

      4d43cd0b305389cd14637ca465d51570c1561d619f978af6c50346b8d80ffe73

    • SHA512

      aacdcd8a5cb83a091971e8e77dabd44d7346c037e07fec04e5b6702417f6005efa482707c2188dea867617af6f1fe7084f6f0345d37e48fd03da2023bba7d436

    • AgentTesla

      Agent Tesla is an information stealer and remote access tool (RAT) written in .NET (Visual Basic .NET); it harvests saved credentials from browsers, email and FTP clients and, in this sample, sends them out over SMTP using the extracted account.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store profile data and saved account credentials on disk, a common infostealer target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and session cookies.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

      Setting the thread context of another process is a common step in process hollowing and other code injection, used to start execution of an injected payload.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 3 matching signatures

  • Collection

    Data from Local System (T1005): 3 matching signatures

    Email Collection (T1114): 1 matching signature

The IDs are ATT&CK v6 IDs as emitted by the sandbox; in current ATT&CK, T1081 is deprecated and its content lives under T1552.001 (Unsecured Credentials: Credentials In Files), so map it before feeding these into a newer matrix.
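The behaviour list under Targets and the ATT&CK matrix are the sandbox's signatures over what the sample touched. As an added example, not the sandbox's own rule set, here is how such signatures can be expressed over process-monitor style events from a detonation: well-known credential-store paths for FileZilla, Thunderbird, Chrome and Firefox, the Outlook profile registry key, and a SetThreadContext call aimed at a thread in another process. The events are constructed, and the mapping of each signature to ATT&CK v6 technique IDs is this example's assumption (chosen so that the sample events reproduce the report's counts), not the sandbox's mapping.

```python
"""Tag detonation events with the stealer behaviours the report lists.

Added example, not the sandbox's code.  Input is a list of process-monitor
style events (file reads, registry reads, API calls); output is the set of
signature names used in the report and a per-technique count like its matrix.
"""
from collections import Counter
from fnmatch import fnmatch

# signature name -> (event kind, path globs, ATT&CK v6 technique IDs)
# Paths are the usual credential-store locations; the technique mapping is an
# assumption made for this example.
SIGNATURES = {
    "Reads data files stored by FTP clients": (
        "file",
        [r"*\AppData\Roaming\FileZilla\recentservers.xml",
         r"*\AppData\Roaming\FileZilla\sitemanager.xml"],
        ["T1081", "T1005"]),
    "Reads user/profile data of local email clients": (
        "file",
        [r"*\AppData\Roaming\Thunderbird\Profiles\*\logins.json",
         r"*\AppData\Roaming\Thunderbird\Profiles\*\key4.db"],
        ["T1081", "T1005"]),
    "Reads user/profile data of web browsers": (
        "file",
        [r"*\AppData\Local\Google\Chrome\User Data\*\Login Data",
         r"*\AppData\Roaming\Mozilla\Firefox\Profiles\*\logins.json"],
        ["T1081", "T1005"]),
    "Accesses Microsoft Outlook profiles": (
        "registry",
        [r"HKCU\Software\Microsoft\Office\*\Outlook\Profiles\*"],
        ["T1114"]),
}
INJECTION_SIG = "Suspicious use of SetThreadContext"


def match_events(events):
    """events: dicts with kind ('file'|'registry'|'api'), pid, and path or api/target_pid.

    Returns {signature name: [matching events]}.
    """
    hits = {}
    for ev in events:
        kind = ev["kind"]
        if kind == "api":
            # SetThreadContext on a thread owned by a different process is the
            # hollowing/injection step; setting one's own thread context is not.
            if ev.get("api") == "SetThreadContext" and ev["target_pid"] != ev["pid"]:
                hits.setdefault(INJECTION_SIG, []).append(ev)
            continue
        path = ev["path"].lower()
        for name, (sig_kind, globs, _) in SIGNATURES.items():
            if sig_kind == kind and any(fnmatch(path, g.lower()) for g in globs):
                hits.setdefault(name, []).append(ev)
    return hits


def attack_matrix(hits):
    """Count matched signatures per technique ID, like the report's matrix."""
    counts = Counter()
    for name in hits:
        for tid in SIGNATURES.get(name, (None, None, []))[2]:
            counts[tid] += 1
    return dict(counts)


# Constructed events from a hypothetical detonation (pid 4312 is the stealer).
EVENTS = [
    {"kind": "file", "pid": 4312,
     "path": r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"},
    {"kind": "file", "pid": 4312,
     "path": r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\ab12cd34.default\logins.json"},
    {"kind": "file", "pid": 4312,
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"kind": "registry", "pid": 4312,
     "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"kind": "api", "pid": 4312, "api": "SetThreadContext", "target_pid": 5020},
    {"kind": "api", "pid": 4312, "api": "SetThreadContext", "target_pid": 4312},  # own thread
    {"kind": "file", "pid": 4312, "path": r"C:\Windows\System32\kernel32.dll"},    # noise
]

if __name__ == "__main__":
    found = match_events(EVENTS)
    for name in found:
        print(name)
    print(attack_matrix(found))
```

Note that the injection signature carries no technique ID here: the report's matrix lists only the three credential and collection techniques, so the SetThreadContext hit is reported by name but does not contribute to the counts.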