General

  • Target

    a5fcf03fb1f1c7bbae2a4e0a04d958f7fd12b69b4fc7372dd936fce6746a883a

  • Size

    398KB

  • Sample

    220521-aae6jahhd4

  • MD5

    719c9fb21eb5a74f7a72fad54968db78

  • SHA1

    4104d4d69ba9e6a5bbdca34f4ec9a3f945e43b4f

  • SHA256

    a5fcf03fb1f1c7bbae2a4e0a04d958f7fd12b69b4fc7372dd936fce6746a883a

  • SHA512

    e1e8c6ba06adb2756d3c76b9cb730ebf082abdac26aa5cae2dd8c74031a15a0cc5d06cbae7766f2ebdcaa282fb8f515bb46270cfbbcc1dc6f43efd8dce6d965c

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.lacore.ee
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    MBla354X

Targets

    • Target

      Consignment Documents.exe

    • Size

      447KB

    • MD5

      c875c56f83bb289f8fc8cc80364c0c89

    • SHA1

      c357dd32701a9e07164b277e2224d841415c11ff

    • SHA256

      9241956eb6748031c6081171d747655373ffe236153dd901a663a3d24b9bf38c

    • SHA512

      21474d535909f928a7f5ee71f091bb0aa3d528c92fb45a2f5fdfaa2aa9e5bc54ca69132acd6323c65226514e65ff1c6c295e8db08af2991ff5569a7ec747f04b

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files, T1081 (3)

  • Collection

    Data from Local System, T1005 (3)

    Email Collection, T1114 (1)
