General

  • Target

    d0ee4eab4ae28305990de7a4ddc7f5a7c387ff4aef1a2e12285bcf3c1c643cea

  • Size

    369KB

  • Sample

    220520-3samzshdg3

  • MD5

    91b3ddd543abf20c49e0a7bc9bbd7bf8

  • SHA1

    1ac12c67f7096156c768b283966756d0fb3bfe22

  • SHA256

    d0ee4eab4ae28305990de7a4ddc7f5a7c387ff4aef1a2e12285bcf3c1c643cea

  • SHA512

    e996ba33abc310e542a6aa30f337e0f0c4ec656c4e5ab248e5fc64bb2eb22f54862d5bbab360abd8f811c9cff3ea3ec65112fb125143177dcce0758298ccc10f

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.gascuenca.es
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    gasW204@Z7

Targets

    • Target

      nº 2020-03467009362.exe

    • Size

      469KB

    • MD5

      fffcfe8fc8c6e84bffe9de7211688042

    • SHA1

      1a6b3fc8e241392b91118861aee8593e1fba93b8

    • SHA256

      dd3efa049dae52bc00e22077a25ab03ec800ca061db672881073225ca390a791

    • SHA512

      f9c6bfa69655a42f5cb36e9f8808232117065a3eb60df91233460b7a32fea00947df81f6fefe2f8d05d0c93a67078d0a4b28e9113186e0862c34a3c842b3f095

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files, T1081 (3)

  • Collection

    Data from Local System, T1005 (3)

    Email Collection, T1114 (1)

Tasks