Overview

overview

10

Static

static

2020-08-05...DF.exe

windows7_x64

10

2020-08-05...DF.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cc45b79bb88cbf178d6645cc3309f284e967d181c00bdd5ce853673e0618e70a

  • Size

    346KB

  • Sample

    220520-2ttltagac8

  • MD5

    49b51b7e39672059ba22378d17d6f7a7

  • SHA1

    1fb2870586c7fcd71ef7cf925668f25bfe22e55c

  • SHA256

    cc45b79bb88cbf178d6645cc3309f284e967d181c00bdd5ce853673e0618e70a

  • SHA512

    8e976a77af16481f163aae12a0b3fb113924ad331b42d76d70a0450a499a72adaf137c5a02bc173e2bb79b3efbfc604e063ce662e5254c9d5a7691781cab8579

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.privateemail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    111aaa

Targets

    • Target

      2020-08-05_2020-08-05_B00000303287_K71223.PDF.exe

    • Size

      284KB

    • MD5

      695f814454972a685e1162e9b5629f32

    • SHA1

      92b54409a877f384bc4fe2b274de5ce4d281b3cf

    • SHA256

      d28d5eb6ef6a35c2323f5b10e3bd013eff3338197df93c562dd55455b9ab4911

    • SHA512

      06542dffd7b11acbab261053f5b4b14a2eea3adbb65d47da9181353cfccea60575dce157d980fa9bcc8b6f3f1546a4d7acade92ec816cfe67e3c956ad2553764

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks