General

  • Target

    bec61f4e3e786ce5a72048ca174f85efbff4a8e630d55811b51e806b32f45e86

  • Size

    452KB

  • Sample

    220520-3wlvescebj

  • MD5

    6700432076ec735af49376721206bfcc

  • SHA1

    946dd561ef803d8cf10cb44caabb3a05b974b3b8

  • SHA256

    bec61f4e3e786ce5a72048ca174f85efbff4a8e630d55811b51e806b32f45e86

  • SHA512

    0c804e8d8f1a01531a6c3857b2a652d41b5617efcfda07c20cbfbead5869a233076df9095d6cc61f183dfa0884e42e532ec4e7049850244bbbb97832b546b8b7

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.desmaindian.com
  • Port:
    587
  • Username:
    manan@desmaindian.com
  • Password:
    vU}t$13*orkO

Targets

    • Target

      MV. ABERDEEN - SHIP PARTICULARS.exe

    • Size

      641KB

    • MD5

      be251f1b582ea616cb38b854ac172e80

    • SHA1

      6df0cf3554eb5bdf9cc7233228b31a271d512f90

    • SHA256

      6ae239d55a04fc135b9ed665b8e8ad720672eca86f5b76a441da1e155ac755ad

    • SHA512

      726b6476b80199e254d94861524aa70efbceb8b839a5449724e61759aa9b46731c2e45617ea0cb73ab2b7eab73cd9d48f7bb6fbe8b91ced46441331bfa601562

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store account data and credentials on disk, where infostealers routinely collect them.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
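The extracted SMTP configuration above and the behaviour signatures in this list can be turned into detection checks. The following Python is an added example, not part of the sandbox report or the sample's own code: the telemetry lines it processes are constructed, and the FileZilla, browser, Thunderbird and Outlook file and registry locations are assumed typical paths, not values taken from the report. Only the exfil host, port and username come from the Malware Config section.

```python
"""Added example: match constructed sandbox telemetry against the report's
extracted AgentTesla config and behaviour signatures."""
import re
from collections import defaultdict

# Indicators from the report's "Malware Config" section.
EXFIL_HOST = "smtp.desmaindian.com"
EXFIL_PORT = 587
EXFIL_USER = "manan@desmaindian.com"

# Behaviour signatures from the report, keyed to (event kind, pattern).
# File/registry locations are assumed typical install paths, not from the report.
SIGNATURES = {
    "Reads data files stored by FTP clients": (
        "file_read", re.compile(r"\\filezilla\\(sitemanager|recentservers)\.xml$", re.I)),
    "Reads user/profile data of web browsers": (
        "file_read", re.compile(r"\\(login data|logins\.json|key4\.db)$", re.I)),
    "Reads user/profile data of local email clients": (
        "file_read", re.compile(r"\\(thunderbird\\profiles|foxmail|opera mail)\\", re.I)),
    "Accesses Microsoft Outlook profiles": (
        "reg_query", re.compile(r"\\software\\microsoft\\office\\\d+\.0\\outlook\\profiles\\", re.I)),
    "Suspicious use of SetThreadContext": (
        "api_call", re.compile(r"^(SetThreadContext|NtSetContextThread)$")),
    "Connects to extracted SMTP exfil host": (
        "net_connect", re.compile(rf"^{re.escape(EXFIL_HOST)}:{EXFIL_PORT}$", re.I)),
}

# Constructed telemetry in a simple "kind|target" form (not real sandbox output).
SAMPLE_EVENTS = r"""
file_read|C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml
file_read|C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data
file_read|C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abc.default\prefs.js
reg_query|HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook
api_call|SetThreadContext
net_connect|smtp.desmaindian.com:587
file_read|C:\Windows\System32\kernel32.dll
"""


def parse_event(line):
    """Split 'kind|target' into its two fields."""
    kind, _, target = line.partition("|")
    return kind.strip(), target.strip()


def classify_events(text):
    """Return {signature name: [matching targets]} for every event that fires a signature.

    Each event is tested against every signature, so one file read can
    legitimately count towards more than one behaviour."""
    hits = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, target = parse_event(line)
        for name, (want_kind, pattern) in SIGNATURES.items():
            if kind == want_kind and pattern.search(target):
                hits[name].append(target)
    return dict(hits)


def verdict(hits):
    """AgentTesla-like when credential stores are read AND the extracted
    SMTP exfil host is contacted; reading alone is too noisy on its own."""
    steals = any(n.startswith(("Reads", "Accesses")) for n in hits)
    exfil = "Connects to extracted SMTP exfil host" in hits
    return steals and exfil


if __name__ == "__main__":
    found = classify_events(SAMPLE_EVENTS)
    for name, targets in found.items():
        print(f"{name}: {len(targets)} hit(s)")
    print("AgentTesla-like:", verdict(found))
```

The SMTP check deliberately keys on host and port rather than the username or password, since an SMTP exfil session on 587 will normally be STARTTLS-wrapped and the credentials are only visible in the extracted config, not on the wire.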

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files (T1081), 3 hits
  • Collection: Data from Local System (T1005), 3 hits
  • Collection: Email Collection (T1114), 1 hit

Note: T1081 is an ATT&CK v6 identifier; later ATT&CK versions retire it in favour of T1552.001 (Unsecured Credentials: Credentials In Files).

Tasks