Overview

overview

10

Static

static

TNT SHIPPI...DF.exe

windows7_x64

10

TNT SHIPPI...DF.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ea9f561f456f701ba4651db5d64290a7bdec93e3a6c5919c6047d171ea9d5858

  • Size

    214KB

  • Sample

    220520-3l6rvahbc8

  • MD5

    011c0f9334f9cc1ad9033242f3e05f34

  • SHA1

    ce414cee51af8440e97cb46f743b9a085a5a4259

  • SHA256

    ea9f561f456f701ba4651db5d64290a7bdec93e3a6c5919c6047d171ea9d5858

  • SHA512

    c1732299c65f3adbdf2158cda2bdbae32f835979b0f51c6b7de2447120eb81004c8e883fd9d05f9599648036df0aaf2f046f3cffe6b72892ceb4d45c0d892ef0

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.arrmet.in
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    h)pzIy(9

Targets

    • Target

      TNT SHIPPING DETAILS _PDF.exe

    • Size

      606KB

    • MD5

      f80445a3a305423f29cfb4afaf419f8d

    • SHA1

      2c505737e2421b8b085b1bd7247298c16c96f6fd

    • SHA256

      f89735262eafaafe7d296c51043f3e0b0b499f06f25021b4bcad470674fbbdb6

    • SHA512

      351c3d4f25c2a2ffd9603bb6f8bdd409ad8d7f3d0e6b4e9915130cfd40a4466fa6ec7e9c9c3ef2bd5305b2b70aa6b3dc1e514437b146773af5369efb03d14351

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks