General

  • Target

    a5158fcbccbc2456a4397ca9dce8f72f9db0a1386e20f796c0138afad0b79dd9

  • Size

    606KB

  • Sample

    220521-aappzacgck

  • MD5

    d1ca7f7239ef4677701d5d86d04892e9

  • SHA1

    532f57ccc9523b3056b894564d4a1d70e9ee69bb

  • SHA256

    a5158fcbccbc2456a4397ca9dce8f72f9db0a1386e20f796c0138afad0b79dd9

  • SHA512

    9772241447615dc068ee31f64bc797a83df61fe9e00ed882e0db8f842550e518349b1aa08176a879769699e0db08c44657eacfeba555fc6342e78625c538a318

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.ru
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    London@123456
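
Detection logic built from the extracted config above: the sample exfiltrates over SMTP to smtp.yandex.ru on port 587. The block below is an added example and is not part of the sandbox report or of AgentTesla; it evaluates constructed Sysmon Event ID 3 (network connection) JSON records against the known C2 host and against a generic "SMTP port reached by a non-mail-client process" rule. The allow-list of mail clients and the injected-host line (RegSvcs.exe) are assumptions, not facts this report states.

```python
"""
Network detection keyed on the extracted AgentTesla SMTP config
(smtp.yandex.ru, port 587). Added example, not part of the sandbox report.
Input is JSON lines modelled on Sysmon Event ID 3 records; the sample
lines below are constructed, not real telemetry.
"""
import json
from dataclasses import dataclass
from typing import Iterable

# Indicator copied from the extracted config on this page.
C2_HOSTS = {"smtp.yandex.ru"}
# Ports used for SMTP relay and submission.
SMTP_PORTS = {25, 465, 587}
# Processes expected to speak SMTP from a workstation (assumption; tune per estate).
MAIL_CLIENT_ALLOWLIST = {"outlook.exe", "thunderbird.exe"}


@dataclass(frozen=True)
class Alert:
    rule: str
    image: str        # process basename, lower-cased
    destination: str  # host:port
    user: str


def image_basename(image: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX image path."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_smtp_exfil(lines: Iterable[str]) -> list[Alert]:
    """Evaluate each network-connection event, highest-confidence rule first:
    1. destination host is a known AgentTesla SMTP C2 from the extracted config;
    2. an SMTP port reached by a process that is not an allow-listed mail client."""
    alerts: list[Alert] = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed telemetry instead of crashing the pipeline
        if ev.get("EventID") != 3:
            continue
        host = str(ev.get("DestinationHostname", "")).lower()
        port = int(ev.get("DestinationPort", 0))
        proc = image_basename(str(ev.get("Image", "")))
        user = str(ev.get("User", ""))
        dest = f"{host}:{port}"
        if host in C2_HOSTS:
            alerts.append(Alert("known_agenttesla_smtp_c2", proc, dest, user))
        elif port in SMTP_PORTS and proc not in MAIL_CLIENT_ALLOWLIST:
            alerts.append(Alert("smtp_from_non_mail_client", proc, dest, user))
    return alerts


# Constructed sample events (not captured data). The RegSvcs.exe line is an
# assumption about where a hollowed payload might run, not something this report states.
SAMPLE_LOG_LINES = [json.dumps(e) for e in [
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587, "User": r"CORP\alice"},
    {"EventID": 3, "Image": r"C:\Users\alice\AppData\Local\Temp\Payment_Advise_Pdf________________________.exe",
     "DestinationHostname": "smtp.yandex.ru", "DestinationPort": 587, "User": r"CORP\alice"},
    {"EventID": 3, "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
     "DestinationHostname": "smtp.yandex.ru", "DestinationPort": 587, "User": r"CORP\alice"},
    {"EventID": 3, "Image": r"C:\Users\alice\AppData\Roaming\update.exe",
     "DestinationHostname": "smtp.gmail.com", "DestinationPort": 587, "User": r"CORP\alice"},
    {"EventID": 3, "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "DestinationHostname": "www.example.com", "DestinationPort": 443, "User": r"CORP\alice"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"},
]]

if __name__ == "__main__":
    for a in detect_smtp_exfil(SAMPLE_LOG_LINES):
        print(f"[{a.rule}] {a.image} -> {a.destination} ({a.user})")
```

Port 587 is normally STARTTLS, so the stolen credentials leave the host encrypted and the practical detection angle is process-to-destination telemetry rather than payload inspection; blocking outbound 25/465/587 from workstations at the egress, except to the organisation's own relay, removes this exfiltration channel outright.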

Targets

    • Target

      Payment_Advise_Pdf________________________.exe

    • Size

      544KB

    • MD5

      eabad732131c926fa30bbc42d3d1bf18

    • SHA1

      b71b208ae96647cbab5e02640ef0cd7be3dd7b61

    • SHA256

      d1dd3eabe8a8a8c417efe6e7727712720eaf1ce68058734d1df6834cf654426f

    • SHA512

      eebdf2229259a44a60f45442aee9648b991e680c1051b6d4e02499b25fff961ad644fbdeac5c4a40b5213348a1f3185562b4253eaf8b7204f770cdbdec266b1d

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and credential stealer written in Visual Basic .NET.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store account settings and saved credentials on disk, where infostealers frequently target them.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and cookies.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used to redirect a suspended host process to an injected payload (process hollowing).
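
The behaviours above name the credential stores this sample reads: FTP client configuration (FileZilla), local email client profiles, browser login databases and Outlook profiles. The block below is an added example, not code from the sandbox report or from the malware, that an incident responder can run on an affected user profile to list which of those stores exist and therefore what may have been exfiltrated. The file paths and registry keys are the common Windows locations and are assumptions; they are expressed relative to the user profile so the function can be exercised against a constructed directory tree on any OS.

```python
"""
Inventory of the on-disk credential stores targeted by the behaviours on this page.
Added example; not the report's or the malware's code. Paths are the usual Windows
locations (assumption) relative to %USERPROFILE%.
"""
import sys
import tempfile
from pathlib import Path

# Relative to the user profile; '*' matches per-profile directories.
CREDENTIAL_STORES = {
    "ftp_clients": [
        "AppData/Roaming/FileZilla/sitemanager.xml",
        "AppData/Roaming/FileZilla/recentservers.xml",
        "AppData/Roaming/FileZilla/filezilla.xml",
    ],
    "email_clients": [
        "AppData/Roaming/Thunderbird/Profiles/*/logins.json",
        "AppData/Roaming/Thunderbird/Profiles/*/key4.db",
    ],
    "browsers": [
        "AppData/Local/Google/Chrome/User Data/*/Login Data",
        "AppData/Local/Microsoft/Edge/User Data/*/Login Data",
        "AppData/Roaming/Mozilla/Firefox/Profiles/*/logins.json",
    ],
}

# Outlook keeps profiles in the registry, not in files (HKCU; assumption).
OUTLOOK_PROFILE_KEYS = [
    r"Software\Microsoft\Office\16.0\Outlook\Profiles",
    r"Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles",
]


def find_credential_stores(profile_root: Path) -> dict[str, list[str]]:
    """Return, per category, the store files that exist under profile_root
    (paths relative to profile_root, POSIX-style, sorted)."""
    found: dict[str, list[str]] = {}
    for category, patterns in CREDENTIAL_STORES.items():
        hits = []
        for pattern in patterns:
            hits.extend(p.relative_to(profile_root).as_posix()
                        for p in profile_root.glob(pattern) if p.is_file())
        found[category] = sorted(hits)
    return found


def outlook_profiles() -> list[str]:
    """Enumerate Outlook profile names from HKCU (Windows only; [] elsewhere)."""
    if sys.platform != "win32":
        return []
    import winreg  # only available on Windows
    names: list[str] = []
    for key_path in OUTLOOK_PROFILE_KEYS:
        try:
            with winreg.OpenKey(winreg.HKEY_CURRENT_USER, key_path) as key:
                i = 0
                while True:
                    try:
                        names.append(winreg.EnumKey(key, i))
                    except OSError:
                        break  # no more subkeys
                    i += 1
        except OSError:
            continue  # key absent for this Outlook version
    return names


def build_fixture(root: Path) -> Path:
    """Constructed user-profile tree (not real data) with three stores present."""
    files = {
        "AppData/Roaming/FileZilla/sitemanager.xml": "<FileZilla3><Servers/></FileZilla3>",
        "AppData/Local/Google/Chrome/User Data/Default/Login Data": "SQLite format 3",
        "AppData/Roaming/Mozilla/Firefox/Profiles/abcd1234.default-release/logins.json": '{"logins": []}',
    }
    for rel, content in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content)
    return root


def audit_constructed_profile() -> dict[str, list[str]]:
    """Run the audit against the constructed fixture in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_credential_stores(build_fixture(Path(tmp)))


if __name__ == "__main__":
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    result = find_credential_stores(root) if root else audit_constructed_profile()
    for category, hits in result.items():
        print(f"{category}: {hits or 'none'}")
    print(f"outlook_profiles: {outlook_profiles() or 'none'}")
```

Run it as `python audit.py C:\Users\<victim>` on the affected host; every store listed should be treated as compromised and its credentials rotated. The same path list is a reasonable starting point for file-access auditing (SACLs) so that reads of these files by processes other than their owning application generate events.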

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             | Technique               | Count | ID
  -------------------+-------------------------+-------+------
  Credential Access  | Credentials in Files    | 3     | T1081
  Collection         | Data from Local System  | 3     | T1005
  Collection         | Email Collection        | 1     | T1114

Tasks