General

  • Target

    fdcb2e7d7865516d3a42fd65e60e1c57e87aa1b0e6f4f0915a2250929cd2f24c

  • Size

    1.2MB

  • Sample

    220520-3ha6rsghe4

  • MD5

    b10e050f1f76c08d7c42c8911452a7c2

  • SHA1

    4d3aa0ee30c3f49a7bec8d624b68f81f8075617f

  • SHA256

    fdcb2e7d7865516d3a42fd65e60e1c57e87aa1b0e6f4f0915a2250929cd2f24c

  • SHA512

    d5cae77c401dcbca586065a4ac781a3665dd252d74e3271d242249d0f1c76b25306f5b4f821956f3ffe847d4243ebbd2236140ca18cdd62aae85db394370a970

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.abr.rs
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    beograd55874

Targets

    • Target

      OC_1147_.EXE

    • Size

      552KB

    • MD5

      c86747454f9c24f1fa330b47ef865e47

    • SHA1

      dd721210c7e184ba5627d89571539570d44afdde

    • SHA256

      9d1e2a8584f32720f3f504ab505d1eab3864248b043107382d431fc731eeb953

    • SHA512

      4d741c665d84a4eaf681591b69528584ce8c1c1eaea15d60c49c37e88f94f59493467f68506b946e2a832ac321e0eb76c00e227037346cdc697e90a57328f93c

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks