Overview

overview

10

Static

static

SOA july.exe

windows7_x64

10

SOA july.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eda6ef163704715bc6ab74b299b326c1b9d309f77c578e66b28f6d36fb0f33b3

  • Size

    348KB

  • Sample

    220520-3lkjlshbb4

  • MD5

    71173123c1b5c8f1dbdb21f366e19843

  • SHA1

    83ec369d8995919eb877c86f030af6d003da8fd5

  • SHA256

    eda6ef163704715bc6ab74b299b326c1b9d309f77c578e66b28f6d36fb0f33b3

  • SHA512

    72632b98ce7ba4066b2d2a3ab8fbf7c451613e6b07bdeb3ca63d67d8f6710f56462e47477cde5bd63b15d779d471cd1b2c9990c600077f5e1fb5f6a822bf2d18

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    1xH}wgu7}f%E

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    1xH}wgu7}f%E

Targets

    • Target

      SOA july.exe

    • Size

      446KB

    • MD5

      49f4d61510b00da46d1ed0081dadd436

    • SHA1

      9259413803d64671da96bc27c1ca10b87e3a5688

    • SHA256

      7666a9640caa1cd3032c124ae3b763f280cae9da5028586721e3aed9f476bf2d

    • SHA512

      49aa2a1fbbd81ee8b3829292509aad3a62574cd380a16f5b44fa96229572a8bd43981abd8f6a590684322b94bccdecf6610123d24bfcb3da69cdb0f1999fb116

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks