General

  • Target: 25ff617424cc6aacabca49d2f8bc71245fd28dc0acf0a26ea6192699d1322246
  • Size: 588KB
  • Sample: 220520-2z2vdabcem
  • MD5: 7a228f182a0ef8c96394ca08baa84562
  • SHA1: edfc33458c9101f95cf01fe055de047f2f35a221
  • SHA256: 25ff617424cc6aacabca49d2f8bc71245fd28dc0acf0a26ea6192699d1322246
  • SHA512: 2e3b89a3c46cfef2379fed8b0ee69773f00a2443d1a1f482e782535e3d4a411dacf602512c526dc288b9b5916b400a36af777ca315bd3a2dd27869d1e81cebfd

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: webmail.mrconsult-kw.com
  • Port: 587
  • Username: [email protected]
  • Password: BADAWI1234567890

Targets

    • Target: PO1909003 (India).exe
    • Size: 527KB
    • MD5: 14e521e9de293f346c84d6ce637a3b1b
    • SHA1: 9412312a8c9beb575e353dcbfb84d14e77c8807e
    • SHA256: 74a4f01410127eb8a0cbfaaf9f8c60eb31bf8aad55599ba514d6ef02c9f660ff
    • SHA512: 59f0a606fd9d43c631c9d4afc654623e50acc85b4b9bdbc954f15b534bf58693b134ede171fccc7ce3d16dc275b0e944828ff0f7ab9e886ced8954a2628c5f65

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                 Count   ID
  Credential Access   Credentials in Files      3       T1081
  Collection          Data from Local System    3       T1005
  Collection          Email Collection          1       T1114

Tasks