General

  • Target

    300b58c2becddba9d514fbd569da74a47295518e3e9872035142f5ad9e99923e

  • Size

    370KB

  • Sample

    220520-2zrpeabccr

  • MD5

    bbc8dbc043c8816c2e62ae4ca57d4f95

  • SHA1

    99108538b2f930285f3ce950f270d7b500427aa0

  • SHA256

    300b58c2becddba9d514fbd569da74a47295518e3e9872035142f5ad9e99923e

  • SHA512

    1a63793126f3f23065cc857d467c33431c5eecfb78a4da75efc282ff1e9d4f84e02dbcca44b95680f1f8276859f37db22b2789ba27e060d70d860f5823568cec

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.jpmvt.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    P@ssw0rd
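
The extracted SMTP configuration is the most actionable part of this report: Agent Tesla mails stolen data to a fixed account, so the host, port and account above are network indicators. Below is an added example, not part of the Triage output, that recovers plaintext AUTH LOGIN / AUTH PLAIN credentials from a captured SMTP session and checks them against the indicators on this page. The transcript format ("C: " / "S: " prefixed lines, as a pcap follow-stream renders it) and the session itself are constructed; the username is redacted on the page and is kept exactly as shown.

```python
"""Spot Agent Tesla SMTP exfiltration using the credentials this report extracted.

Added example for the report above, not part of the sandbox output. The SMTP
transcript is constructed; the redacted username is kept as the page shows it.
"""
import base64
import binascii
from dataclasses import dataclass
from typing import List, Optional

# Indicators copied from the "Extracted / Credentials" section of the report.
EXFIL_HOST = "mail.jpmvt.com"
EXFIL_PORT = 587
EXFIL_USER = "[email protected]"  # redacted on the page; kept verbatim
EXFIL_PASS = "P@ssw0rd"


@dataclass(frozen=True)
class SmtpAuth:
    mechanism: str  # "LOGIN" or "PLAIN"
    username: str
    password: str


def b64e(s: str) -> str:
    """Base64-encode text the way an SMTP client sends AUTH payloads."""
    return base64.b64encode(s.encode("utf-8")).decode("ascii")


def _b64d(s: str) -> Optional[str]:
    """Decode one base64 payload; None if it is not valid base64."""
    try:
        return base64.b64decode(s.strip(), validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None


def _next_client_line(lines: List[str], i: int):
    """(index, payload) of the first 'C: ' line at or after i, or (len, None)."""
    while i < len(lines) and not lines[i].startswith("C: "):
        i += 1
    return (i, lines[i][3:]) if i < len(lines) else (i, None)


def extract_smtp_auth(transcript: str) -> List[SmtpAuth]:
    """Recover plaintext SMTP credentials from a captured session.

    One message per line, prefixed 'C: ' (client) or 'S: ' (server). Handles
    AUTH PLAIN (RFC 4616 blob "authzid NUL authcid NUL passwd", inline or after
    a 334 challenge) and AUTH LOGIN (username, then password, after 334s).
    """
    lines = [ln.rstrip("\r\n") for ln in transcript.splitlines() if ln.strip()]
    found: List[SmtpAuth] = []
    i = 0
    while i < len(lines):
        who, _, msg = lines[i].partition(": ")
        parts = msg.split()
        if who == "C" and len(parts) >= 2 and parts[0].upper() == "AUTH":
            mech = parts[1].upper()
            initial = parts[2] if len(parts) >= 3 else None  # initial response
            if initial is None:
                i, initial = _next_client_line(lines, i + 1)
            if mech == "PLAIN" and initial is not None:
                fields = (_b64d(initial) or "").split("\x00")
                if len(fields) == 3:
                    found.append(SmtpAuth("PLAIN", fields[1], fields[2]))
            elif mech == "LOGIN" and initial is not None:
                i, pw = _next_client_line(lines, i + 1)
                user = _b64d(initial)
                pw = _b64d(pw) if pw is not None else None
                if user is not None and pw is not None:
                    found.append(SmtpAuth("LOGIN", user, pw))
        i += 1
    return found


def match_report_indicators(server_host: str, server_port: int,
                            creds: List[SmtpAuth]) -> List[str]:
    """Name the indicators from this report that a session matches."""
    hits = []
    if server_host.lower() == EXFIL_HOST and server_port == EXFIL_PORT:
        hits.append("c2-host-port")
    for c in creds:
        if c.username == EXFIL_USER:
            hits.append("exfil-username")
        if c.password == EXFIL_PASS:
            hits.append("exfil-password")
    return hits


# Constructed transcript of a plaintext submission session (no STARTTLS),
# built from the report's extracted credentials purely for illustration.
SAMPLE_TRANSCRIPT = "\n".join([
    "S: 220 mail.jpmvt.com ESMTP ready",
    "C: EHLO DESKTOP-SANDBOX",
    "S: 250-mail.jpmvt.com",
    "S: 250 AUTH LOGIN PLAIN",
    "C: AUTH LOGIN",
    "S: 334 VXNlcm5hbWU6",  # "Username:"
    "C: " + b64e(EXFIL_USER),
    "S: 334 UGFzc3dvcmQ6",  # "Password:"
    "C: " + b64e(EXFIL_PASS),
    "S: 235 2.7.0 Authentication successful",
    "C: MAIL FROM:<" + EXFIL_USER + ">",
])

if __name__ == "__main__":
    found = extract_smtp_auth(SAMPLE_TRANSCRIPT)
    for c in found:
        print(f"{c.mechanism}: {c.username} / {c.password}")
    print("indicators:", match_report_indicators(EXFIL_HOST, EXFIL_PORT, found))
```

Port 587 is the submission port and the client will usually issue STARTTLS before AUTH; if this sample does, the credential exchange is encrypted and only the host/port match (and the hostname in the TLS SNI) remains visible on the wire. The recovered credentials are then still useful for abuse reporting to the mail provider and for checking the mailbox for data already exfiltrated.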

Targets

    • Target

      INQUIRY_pdf__.exe

    • Size

      525KB

    • MD5

      15e91b66fb88390b9833cf3a79cab0ca

    • SHA1

      e370b599b7e53bf35890e2e2f7e7b1a7e978ce86

    • SHA256

      da7f00e9042a254deafda735ffb54a8c03b4d3af45bc297d1dd412f7840cb77f

    • SHA512

      d5e5e63c7897506d80608ffff0571897b899d3964e19c51f8762412d04201a67b72a179bc11e6afb3c940a241dd42505ea9e074a947055b27aa6a4bd3704553e

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; this build exfiltrates over SMTP using the credentials extracted above.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (running or staying dormant depending on the victim's region).

    • Accesses Microsoft Outlook profiles

      Matches the Email Collection (T1114) mapping below; Agent Tesla harvests stored mail-client credentials.

    • Suspicious use of SetThreadContext

      Setting another process's thread context is the usual final step of process hollowing: the decrypted payload is written into a suspended child process and execution is redirected into it.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution
    Scheduled Task (T1053): 1 matching signature

  • Persistence
    Scheduled Task (T1053): 1 matching signature

  • Privilege Escalation
    Scheduled Task (T1053): 1 matching signature

  • Defense Evasion
    Modify Registry (T1112): 1 matching signature

  • Discovery
    Query Registry (T1012): 1 matching signature
    System Information Discovery (T1082): 2 matching signatures

  • Collection
    Email Collection (T1114): 1 matching signature

Tasks