General

  • Target: 61ea6e1342281e38042f00f2a82307b01ceba9b25f78890703e96f8c3eaa9a63
  • Size: 249KB
  • Sample: 220520-2yn7wsgca5
  • MD5: 0d5a55caa2b37267a205606ec6135613
  • SHA1: f34e4f7a0b7a5d0be9cc9d5c63041463d86f5370
  • SHA256: 61ea6e1342281e38042f00f2a82307b01ceba9b25f78890703e96f8c3eaa9a63
  • SHA512: 1624dd9cbbf5d7067e318ac9d45deaf00f0c4b73c972db496e0d445edb0482ffc615b473ae3a2dbcd118ef5cc2cd75a2f370c7c312cae5190856a2f90682c5e7

Malware Config

Extracted

  • Family: agenttesla

Credentials

  • Protocol: smtp
  • Host: smtp.yandex.com
  • Port: 587
  • Username: [email protected]
  • Password: ALIbaba123

Targets

  • Target: PO INOXIA-2020082.exe
  • Size: 424KB
  • MD5: ff4ff46409c73358cc11865f5ac36171
  • SHA1: 58864703ce881498d78da64cc39510f0eec72927
  • SHA256: eddcda48d1058487f653995ae77469d407cd02a7b2bf9d6059a61ddeeaa83f70
  • SHA512: 88a6df6bb13cdaac34ffebc7a10a5bf371d25cbf75a2c5206d87cfbbfdea1c16b179f1c98f4eea52ccac914927e508fc4a904ca714cb24c87fc06e1302de2522

  • AgentTesla
    Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  • AgentTesla Payload
  • Reads data files stored by FTP clients
    Tries to access configuration files associated with programs like FileZilla.
  • Reads user/profile data of local email clients
    Email clients store some user data on disk, where infostealers will often target it.
  • Reads user/profile data of web browsers
    Infostealers often target stored browser data, which can include saved credentials etc.
  • Accesses Microsoft Outlook profiles
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files (T1081), 3
  • Collection: Data from Local System (T1005), 3
  • Collection: Email Collection (T1114), 1

Tasks