General

  • Target: cf431fff2e253b8ec0638e283dd8db9cd88ae1774cfdcd035668d4582b07fa54
  • Size: 448KB
  • Sample: 220520-3sksysccgn
  • MD5: 7330fe250b06844ed864c7926b5823ac
  • SHA1: 8faa6066e70be1bffe421b2a5a54fffa205769a0
  • SHA256: cf431fff2e253b8ec0638e283dd8db9cd88ae1774cfdcd035668d4582b07fa54
  • SHA512: 54e630912441d7e7c2279ec9df7d5214a6d2f95ea308ac606ab83bb46def27e3fc07407c326b4d01912c69570dc5d427646a15daf6582c7dc778a4cb2cd4b37f

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    afoerinwa123456789

Targets

    • Target: Image001.exe
    • Size: 550KB
    • MD5: 8ed0a379505c109384edfa323fd592b2
    • SHA1: bfc2b520d1aed2bb21ef4abdba3fb0535a040665
    • SHA256: 054ec2f2a97d3ded97d4f25574b131e809ff1446a1c309a3c76bd4a8cf385fe6
    • SHA512: 505b5ed44c111548a399eefc007aad397524fbde8cee55c28895337ceb9d121643e4b65e816fbdab0b0f5baff479a3556949bf570899551ef244ec6b3a2caa6f

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar data.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique               Count  ID
  Credential Access  Credentials in Files    3      T1081
  Collection         Data from Local System  3      T1005
  Collection         Email Collection        1      T1114

Tasks