Overview

overview

10

Static

static

Remittance copy.exe

windows7_x64

10

Remittance copy.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c4bc735e483c455cfa6925262c67671e7fa9720c0166aa26881ed4697ed0218b

  • Size

    525KB

  • Sample

    220520-3vbytsheg3

  • MD5

    d30ea30b2725d62ef5aeca2a55c767e8

  • SHA1

    734a4e667399330722fffa65f014779b885f2470

  • SHA256

    c4bc735e483c455cfa6925262c67671e7fa9720c0166aa26881ed4697ed0218b

  • SHA512

    783c6409ce28d2fe840360e6bace1b2a50266362f85d436de33bab9cb560284fe5efb5eb6a7bed441a35bb97238d032b01fa55ba5695671fbbb68cd7979de322

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.jascf.org
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    v4Sh@2P$keSd

Targets

    • Target

      Remittance copy.exe

    • Size

      729KB

    • MD5

      c86e1314d84055040470216e546648df

    • SHA1

      575a0bd92de0286999ad125f4e32acfe0e19a834

    • SHA256

      51031d05083e587fa113208a5de4c7f7c0bd4f6ee385bdfee92c63786f7d7e88

    • SHA512

      0a27c34593318a460f31f568e3ef9739f6778884720d8ac65b623db8bcf1df2f28d16ae52af2deb3109a7a943222dcf704ceaeffd1a7e15165651a96fa7d2f5f

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Drops file in Drivers directory

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks