General

  • Target

    f0a677cd3e128b13539ab1af458811affe9a06d8057330abf31bf51eed3e10f0

  • Size

    696KB

  • Sample

    220520-3k54xscaar

  • MD5

    d2415464ea8672ba95a0d77dfb249660

  • SHA1

    72ea9f26c1b7362a9e5db6244697c95514ca850a

  • SHA256

    f0a677cd3e128b13539ab1af458811affe9a06d8057330abf31bf51eed3e10f0

  • SHA512

    8cd6eff9946d3b0d461df05da23e720135db21472a9a9d9abb5d56d517494040b9c9e79e91e6f41fe7e988e19d0bed7d5be4b431bf0907602c01bb08fe9f982d

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.pharco--corp.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    (UxyAlp7

Targets

    • Target

      30% Swift Scan0076567865.exe

    • Size

      881KB

    • MD5

      18d072ed64a848f29404519c3969ac2f

    • SHA1

      e72a33598531541392e5059a72c18e6e2481f9e2

    • SHA256

      9c7b103e3aaa595ae90af29253f1c0c7062dba34fd4b97070644105b025a3488

    • SHA512

      5f6047f683570ca81fe854da8a3b0fc778a20b06f9d9f7acd65b219278eb050663f181844a26e0e70a64c6942b2c58e900cc0562c60e5266c0ddddf373fa8fcb

    • AgentTesla

      Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic (.NET). Its usual exfiltration channels are SMTP, FTP and HTTP; the config extracted above shows this sample using SMTP on port 587.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is the usual last step of process hollowing (RunPE-style injection): a child is started suspended, its image is overwritten with the payload, and the thread's entry point is redirected before it is resumed.
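
The behaviours above (credential-store reads) plus the extracted SMTP config give a detection engineer two things to correlate: which process touches several credential stores, and whether that same process then opens an SMTP connection to the configured host. The following is an added example, not code from the sandbox or the report; the event schema, the on-disk paths, the mail-client allowlist and the sample events are all constructed assumptions, and only the SMTP host/port and SHA256 are copied from the report.

```python
# Added example (not part of the sandbox report): correlate host telemetry with the
# extracted AgentTesla SMTP config and the credential-store reads the report lists.
# The event schema and SAMPLE_EVENTS are constructed for this example; only the SMTP
# host/port and SHA256 below come from the report.
import re

# Values copied from the extracted config and the target hashes in the report.
EXTRACTED_CONFIG = {
    "family": "agenttesla",
    "protocol": "smtp",
    "host": "smtp.pharco--corp.com",
    "port": 587,
    "sha256": "9c7b103e3aaa595ae90af29253f1c0c7062dba34fd4b97070644105b025a3488",
}

# Credential stores matching the report's behaviours. Paths are the usual on-disk
# locations (assumption: default install paths, matched case-insensitively).
FILE_PATTERNS = [
    ("ftp_client",   re.compile(r"\\filezilla\\(sitemanager|recentservers)\.xml$", re.I)),
    ("browser",      re.compile(r"\\(chrome|chromium|edge)\\user data\\.*\\login data$", re.I)),
    ("browser",      re.compile(r"\\firefox\\profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.I)),
    ("email_client", re.compile(r"\\thunderbird\\profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.I)),
]
OUTLOOK_PROFILE_KEY = re.compile(r"^HKCU\\Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles", re.I)

SMTP_PORTS = {25, 465, 587}
MAIL_CLIENT_IMAGES = {"outlook.exe", "thunderbird.exe"}  # assumption: the only images expected to speak SMTP


def classify_event(ev):
    """Return the credential-store category an event touches, or None."""
    if ev["event"] == "file_read":
        for category, pattern in FILE_PATTERNS:
            if pattern.search(ev["target"]):
                return category
    elif ev["event"] == "reg_read" and OUTLOOK_PROFILE_KEY.match(ev["target"]):
        return "outlook"
    return None


def correlate(events):
    """Group events per process and score AgentTesla-like stealer behaviour.

    Returns {pid: {"image", "stores", "smtp", "config_match", "severity", "reasons"}}
    for every process that earned at least one reason.
    """
    per_pid = {}
    for ev in events:
        st = per_pid.setdefault(ev["pid"], {
            "image": ev["image"].lower(), "stores": set(), "smtp": [], "config_match": False,
        })
        category = classify_event(ev)
        if category:
            st["stores"].add(category)
        elif ev["event"] == "net_connect" and ev.get("dst_port") in SMTP_PORTS:
            dest = (ev["dst_host"].lower(), ev["dst_port"])
            st["smtp"].append(dest)
            if dest == (EXTRACTED_CONFIG["host"], EXTRACTED_CONFIG["port"]):
                st["config_match"] = True

    findings = {}
    for pid, st in per_pid.items():
        reasons = []
        if st["config_match"]:
            reasons.append("connects to the SMTP exfiltration host from the extracted config")
        if len(st["stores"]) >= 2:
            reasons.append("reads multiple credential stores: " + ", ".join(sorted(st["stores"])))
        smtp_from_odd_image = bool(st["smtp"]) and st["image"] not in MAIL_CLIENT_IMAGES
        if smtp_from_odd_image:
            reasons.append("SMTP connection from non-mail-client image " + st["image"])
        if not reasons:
            continue
        high = st["config_match"] or (len(st["stores"]) >= 2 and smtp_from_odd_image)
        findings[pid] = dict(st, severity="high" if high else "medium", reasons=reasons)
    return findings


# Constructed telemetry modelled on the report's behaviour list (not real logs).
SAMPLE_EVENTS = [
    {"pid": 4321, "image": "30% Swift Scan0076567865.exe", "event": "file_read",
     "target": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 4321, "image": "30% Swift Scan0076567865.exe", "event": "file_read",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4321, "image": "30% Swift Scan0076567865.exe", "event": "reg_read",
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"pid": 4321, "image": "30% Swift Scan0076567865.exe", "event": "net_connect",
     "dst_host": "smtp.pharco--corp.com", "dst_port": 587},
    # Benign: the real mail client reading its own profile and sending mail.
    {"pid": 1200, "image": "OUTLOOK.EXE", "event": "reg_read",
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"pid": 1200, "image": "OUTLOOK.EXE", "event": "net_connect",
     "dst_host": "smtp.office365.com", "dst_port": 587},
    # Benign: unrelated file access.
    {"pid": 2222, "image": "explorer.exe", "event": "file_read",
     "target": r"C:\Users\victim\Documents\notes.txt"},
]

if __name__ == "__main__":
    for pid, f in correlate(SAMPLE_EVENTS).items():
        print(pid, f["image"], f["severity"], "; ".join(f["reasons"]))
```

The allowlist is deliberately small: the point is that a process with a document-like name reading FileZilla, Chrome and Outlook stores and then speaking SMTP is the stealer pattern, while a real mail client reading only its own profile is not flagged. If SMTP is wrapped in STARTTLS on 587 the credentials will not be visible on the wire, so the host/port match against the extracted config is the reliable network pivot.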

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique               ID     Count
  Credential Access  Credentials in Files    T1081  3
  Collection         Data from Local System  T1005  3
  Collection         Email Collection        T1114  1

Count is the number of triggered signatures mapped to each technique. T1081 was retired after ATT&CK v6 and now corresponds to T1552.001 (Unsecured Credentials: Credentials In Files) in current matrices.
