Overview

overview

10

Static

static

SHIPMENT D...07.exe

windows7_x64

10

SHIPMENT D...07.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ad3c482d0df04a21734cfca2bae753158fa3bc697ff87004c0570e3d026f3b1e

  • Size

    333KB

  • Sample

    220520-31b6sahgh6

  • MD5

    b468bc74b417f1674c67262d4502f8b6

  • SHA1

    6e6c31f113e75377399a2d852ca44f1861d268ea

  • SHA256

    ad3c482d0df04a21734cfca2bae753158fa3bc697ff87004c0570e3d026f3b1e

  • SHA512

    c777c2a9ce71f76648251f7e669e9e8193021de68b58a42943563f0bdcdd2bf7f96f811c22c6cefd63d25ebaf656d36ff7616c4bc8fb97bd1ee9499cbaa503c6

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    amblessed22

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    amblessed22

Targets

    • Target

      SHIPMENT DETAILS - AMSGEV2007007.exe

    • Size

      432KB

    • MD5

      bd69e795385ba6cb838fc97ef1d97224

    • SHA1

      a4a43a70aab459d6792f3473a4375e309ac20f56

    • SHA256

      f8a0ada1c983c16a3ff6b107c2a04cac970e51ba9bec2514771271af03b7b9fc

    • SHA512

      894438f62cb2f3c7d839fb580c56aa091f71dc925fb3373b73491bb5e780cd96de69a0a380e646bc123bb8aa94b730bf7f622354f1b5b28e2ef5a0d01df3be44

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks