General

  • Target

    f718794c4e21cef4fede12129603a75786d4ea1e02d82e0d616bc1b22c16fce8

  • Size

    416KB

  • Sample

    220520-3jw5mahac6

  • MD5

    3b70f11b85ab923a5244df8b6fc381b2

  • SHA1

    2d66b8cfa3a018d32b0dc35cdd4ffc4b20825eed

  • SHA256

    f718794c4e21cef4fede12129603a75786d4ea1e02d82e0d616bc1b22c16fce8

  • SHA512

    ac2a80766000f7c975e71df5969b211b139b9fe9264503928a8462e95e7f26b04b90b45e9787ea5c15a6a7807c42dbb3482af3b6b1f54208eb467b5a6b927d76

Malware Config

Targets

    • Target

      Order Confirmation.exe

    • Size

      518KB

    • MD5

      1f3432d50064561de50bbe8c48c82833

    • SHA1

      4269524539ab5ed1adf52d8250b4e6dc5bb4dc9a

    • SHA256

      1739dc5b678020ced9848d02c69de25fade6dd99293f6b04cdda30a3da5113be

    • SHA512

      96108a03df89ca499b068ca096c7e108ffa7b78be14012cb9607504e341e5b15679e1a81370121434160c3ea48a64c8935eda39f81d5ca87af03df4cb983b35a

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to read configuration files of FTP clients such as FileZilla, which can contain saved server credentials.

    • Reads user/profile data of local email clients

      Email clients store profile data, including saved account credentials, on disk, and infostealers commonly read it from there.

    • Reads user/profile data of web browsers

      Infostealers often read stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles
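The four behaviours above are matched by the sandbox from the file and registry paths the sample touches. The following is an added example, not the sandbox's own signature code, that classifies a constructed access trace the same way: each signature is a set of path patterns for the places the named clients normally keep credentials or profile data. Those locations (FileZilla sitemanager.xml / recentservers.xml, Chromium Login Data, Firefox and Thunderbird logins.json, the Outlook Profiles registry keys) are assumptions about the clients, and the trace itself is constructed rather than taken from the real run.

```python
"""Classify file/registry accesses from a sandbox trace into the
credential-store signatures listed in the report.

Added example: the path patterns are assumptions about where these
clients keep their data, not anything extracted from the sample."""
import re
from collections import defaultdict

# Case-insensitive regexes over a backslash-normalised path. Profile
# directory names vary per machine, so they are matched with [^\\]+.
SIGNATURES = {
    "Reads data files stored by FTP clients": [
        r"\\FileZilla\\(sitemanager|recentservers|filezilla)\.xml$",
    ],
    "Reads user/profile data of local email clients": [
        r"\\Thunderbird\\Profiles\\[^\\]+\\(logins\.json|key[34]\.db)$",
    ],
    "Reads user/profile data of web browsers": [
        # Chromium family: <browser>\User Data\<profile>\Login Data etc.
        r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$",
        # Firefox: saved logins and the key database that decrypts them
        r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key[34]\.db|cookies\.sqlite)$",
    ],
    "Accesses Microsoft Outlook profiles": [
        # Office 2013+ and the legacy Windows Messaging Subsystem location
        r"^HKCU\\Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles",
        r"^HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles",
    ],
}
COMPILED = {sig: [re.compile(p, re.IGNORECASE) for p in pats]
            for sig, pats in SIGNATURES.items()}


def normalise(path):
    """Sandboxes log paths with either separator; use backslashes throughout."""
    return path.replace("/", "\\")


def classify_access(path):
    """Return the signature names that one file or registry access matches."""
    p = normalise(path)
    return [sig for sig, pats in COMPILED.items() if any(r.search(p) for r in pats)]


def scan_events(events):
    """events: iterable of (process, path) pairs as a sandbox would record them.
    Returns {signature: sorted list of matching paths} for triggered signatures."""
    hits = defaultdict(set)
    for _process, path in events:
        for sig in classify_access(path):
            hits[sig].add(path)
    return {sig: sorted(paths) for sig, paths in hits.items()}


# Constructed sample trace (assumed, not the real sandbox output).
SAMPLE_EVENTS = [
    ("Order Confirmation.exe", r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"),
    ("Order Confirmation.exe", r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"),
    ("Order Confirmation.exe", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("Order Confirmation.exe", r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abc123.default\logins.json"),
    ("Order Confirmation.exe", r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\xyz.default\logins.json"),
    ("Order Confirmation.exe", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    ("explorer.exe", r"C:\Users\victim\Documents\invoice.pdf"),  # benign, must not match
]

if __name__ == "__main__":
    for sig, paths in scan_events(SAMPLE_EVENTS).items():
        print(sig)
        for p in paths:
            print("   ", p)
```

Running it on the constructed trace triggers all four signatures and leaves the benign document access unclassified; in practice the pattern list is what needs maintaining, since the same reads by a legitimate backup or sync agent look identical at this level and must be filtered on the accessing process.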

MITRE ATT&CK Enterprise v6

Tasks