General

  • Target: 2e5247cb876de7d41c8cd2d350aa6512aeb1f93da5fdb368075d5cc97accfbd2
  • Size: 1.3MB
  • Sample: 220520-2zth1agce3
  • MD5: f7b01ebf3d1852568404cfe4cb7263c2
  • SHA1: 4a682c469015e4ffb3c6033371b3b80dc63ae2e9
  • SHA256: 2e5247cb876de7d41c8cd2d350aa6512aeb1f93da5fdb368075d5cc97accfbd2
  • SHA512: 487ae7fbdc1c064b5f917a90d5169798c677f5993b0772a951cad3ddeff9dd705358c6c5b8907319a4652f796f9eb3b020ee3888b319ebcafff7b3743445ca58

Malware Config

Extracted

  • Family: agenttesla
  • Credentials
    • Protocol: smtp
    • Host: mail.privateemail.com
    • Port: 587
    • Username: [email protected]
    • Password: Doggy@#$234

Targets

  • Target: order for August .SCR
  • Size: 1.7MB
  • MD5: a3732c7e285f3c9f310ba3aa0c80b324
  • SHA1: fb2c4beef9c57c54519a238870bb6cea0fd7f05e
  • SHA256: 1fe24761cfcb48d6d3a4f1ad9d02c2429c7f567fda2bda78f5d12c89717c6285
  • SHA512: de1049c97658a7ec1d37bfe7e6cd39ef04df75b13cb5e7381413c4e9cc95757b2d62a191c020ac3c599a5c77ae22696b20b72ea13fc70fe2283fae849812dc2a

  • AgentTesla
    Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  • AgentTesla Payload
  • Executes dropped EXE
  • Loads dropped DLL
  • Reads user/profile data of local email clients
    Email clients store some user data on disk, which infostealers often target.
  • Reads user/profile data of web browsers
    Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
  • Accesses Microsoft Outlook profiles
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Credential Access: Credentials in Files (T1081): 2
  • Collection: Data from Local System (T1005): 2
  • Collection: Email Collection (T1114): 1
