General

  • Target

    bf299628481941528459ce681df6b267ccf6ed6053a0e68a897d82bc94541574

  • Size

    409KB

  • Sample

    220520-3wjeashfc2

  • MD5

    6b7f7a81b81c5c56378bf430505619fb

  • SHA1

    2b99688d6086c4d3f71ecab7a72a703cf7d8297e

  • SHA256

    bf299628481941528459ce681df6b267ccf6ed6053a0e68a897d82bc94541574

  • SHA512

    d437e09cd2936c43c43c347526e11c2ea152395c3c78c6d58a85c851c39d59b0a179efedb19cedac82f82d63ff29ebeae587cba4e8cb068a4782bd913f88f4b7

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.lacore.ee
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    MBla354X

Targets

    • Target

      TNT Original Invoice PDF.exe

    • Size

      458KB

    • MD5

      b4ac951ff6e00921270323cd1ed651a7

    • SHA1

      03fef764aa4a0086b6d32c65ba663ad0ae69461a

    • SHA256

      38bfcdf30a0a9e9bfb1e7d0f409dea1a387b20864bdaee25b072b0fc040f57ae

    • SHA512

      5772e96d025dd57606de0eb022abdc4d6c162be639ce4171dd743d2c8cc7f6e3712501034a2620fbcb8e6de890dcdc3e4bbb427cf4751af2fbf727585bc07ea7

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks