Overview

overview

10

Static

static

Quotation List.exe

windows7_x64

10

Quotation List.exe

windows10-2004_x64

10

Quotation List_..exe

windows7_x64

10

Quotation List_..exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7070c5abc1c6d99bc327d1e36ee047a7293f4d3de5d50ea58e7b4b46f74ac92f

  • Size

    598KB

  • Sample

    220520-3avkfaged9

  • MD5

    436e8d81e18298cbdcee842599286ff6

  • SHA1

    eaf68070121458f4e7f8fd1cc5214b1e6694f876

  • SHA256

    7070c5abc1c6d99bc327d1e36ee047a7293f4d3de5d50ea58e7b4b46f74ac92f

  • SHA512

    ff7a6afbe4a8dc0312e72108f353d617a305a6e987ba902c823599135c5178b58cfcc968febb751da096f23fa8624471acd77dab1752339ab1812bd4902ac396

Score
10/10
agentteslaagilenetcollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    public12345@#@%6#@

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    public12345@#@%6#@

Targets

    • Target

      Quotation List.exe

    • Size

      601KB

    • MD5

      9526050cc6e671ecdd00c16288be6772

    • SHA1

      e6eb495755ff695bf35a079fcffea03fa5d3eb2c

    • SHA256

      2c13ec5658318ce81c8da312fc020d69b881cd98ac01f7dae28c7e0150ce1698

    • SHA512

      60fbca5ce82fa0b589f63bcfdafaeaaf58e97f429a6ebbd3984e8504e5b7c82fc16b2e97e59694b9f6b7ed3cfe6285e04da93ad2d704bc67958fa1917e01276f

    Score
    10/10
    agentteslaagilenetcollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      Quotation List_..exe

    • Size

      601KB

    • MD5

      9526050cc6e671ecdd00c16288be6772

    • SHA1

      e6eb495755ff695bf35a079fcffea03fa5d3eb2c

    • SHA256

      2c13ec5658318ce81c8da312fc020d69b881cd98ac01f7dae28c7e0150ce1698

    • SHA512

      60fbca5ce82fa0b589f63bcfdafaeaaf58e97f429a6ebbd3984e8504e5b7c82fc16b2e97e59694b9f6b7ed3cfe6285e04da93ad2d704bc67958fa1917e01276f

    Score
    10/10
    agentteslaagilenetcollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Enterprise v6

Tasks