General

  • Target

    be6c1849f568d1736087f004e0fb75dcbc221d4a1a63998419990285bebc48cc

  • Size

    1.0MB

  • Sample

    220520-3wsyqscebp

  • MD5

    3f7c62f6572ed8a81fce2def654d0157

  • SHA1

    eba96d5a8b64b9f6918498a6124282b915dfc85e

  • SHA256

    be6c1849f568d1736087f004e0fb75dcbc221d4a1a63998419990285bebc48cc

  • SHA512

    b92fee509c4ff64da57f407c2fb6c0e94842a802027ecbf83faef0096d37f8986b5a86159c01ad0a699cbb8c4ac84c6bb8c3eab239480aefed95fd0bcf16abe2

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.greenhornechem.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    ^fpNyGmQa2

Targets

    • Target

      New DHL Invoice 573872845.exe

    • Size

      659KB

    • MD5

      fac51bfe1db38adb89c57a70c2287dfd

    • SHA1

      fd2f2552833a13ce23a30c55e04f7f6a052facff

    • SHA256

      0ee26158f40d4a860856ff386d263c60e2cfa62fc32624f1b20bcf5995756663

    • SHA512

      1eee39bd5bfe69c43874ea9f8912e52b6d9bb8f68a638a3ad4e899078ef6d5d4e4f57c1756477d05bf7142c661cc360718d4c7b0ce9067443a25f42e7b27e37f

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

    • Target

      Your new invoice.exe

    • Size

      708KB

    • MD5

      02420e23c994fe9b27f459a0e0cb414a

    • SHA1

      7e5b848423bc957f12a25907bafeeef7c97c3966

    • SHA256

      d83429370b6d814b6ff67dd1736424db4e11e39ee745867f09c98f49fae4e1fc

    • SHA512

      36f39db5a1e28dcfcdcbc6aa84d5c94be3a475ff95041fe21cf8f32c8d44a54fb2db1fddda322b9b9f85163152a41f905d95f93895455873c770da876430c3e3

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks