General

  • Target

    298027d4982314094eb9841da056925e273e180a56d07b0ac538344a74a56ab8

  • Size

    419KB

  • Sample

    220520-3dkjmsbfdk

  • MD5

    65b78946fe9d26a80341a20ec5a371d4

  • SHA1

    0a3b620458ec03dcbd4dce9b93dbf9d36557011f

  • SHA256

    298027d4982314094eb9841da056925e273e180a56d07b0ac538344a74a56ab8

  • SHA512

    a216d00ad4229847183ca6cf690fbe7662c99a78efc1349948feb0c0f0fd95689294fcb4bc7a9259764b611738ae954c38f6f69493707dfb528555fc84d814ee

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.fratellidelpiano.com/
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    playboy123#

Targets

    • Target

      Bukti pembayaran 08-06-2020.exe

    • Size

      486KB

    • MD5

      e47511fbabcff88bdd6a58ecb73665c2

    • SHA1

      f479df0c6c7aa1c5d7f06ec8161ee111782602b8

    • SHA256

      1809bf5f2c3064e604efdce2de7bbb8a112f99752766dd4a84235ec92c69a489

    • SHA512

      550520c3aba21a05fa9dff3335f8c632f4bfde71fc25bcc395aea7db02857b36b2fc7e04056c8f07fb106703eb39c63b451ff6e4af6456973f670cd79701e9a5

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic               | Technique                    | Count | ID
  ---------------------|------------------------------|-------|------
  Execution            | Scheduled Task               | 1     | T1053
  Persistence          | Scheduled Task               | 1     | T1053
  Privilege Escalation | Scheduled Task               | 1     | T1053
  Credential Access    | Credentials in Files         | 3     | T1081
  Discovery            | Query Registry               | 1     | T1012
  Discovery            | System Information Discovery | 2     | T1082
  Collection           | Data from Local System       | 3     | T1005
  Collection           | Email Collection             | 1     | T1114

Tasks