General

  • Target

    a49d00a9871ef796b56370c6773587fd64107d00858df42e65a5b6c96d306d04

  • Size

    701KB

  • Sample

    220521-aatc6acgcm

  • MD5

    80fb5cc08a4106dfee8fa2ebbcefa0ef

  • SHA1

    3b1125c97861918f546f344a99607eef8d91bcc3

  • SHA256

    a49d00a9871ef796b56370c6773587fd64107d00858df42e65a5b6c96d306d04

  • SHA512

    6d7796aad58426dfa756b11f65aaaa75d0a0c81fc3d8b8b24c6c31aa491cad6ef220dc4f72f63f0fc048d4dc3c36e9d18a2bad059a55dfbd8c480c55fbe1825f

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.waltartosto.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    pZQhjl!9

Targets

    • Target

      dhl_doc7348255141.exe

    • Size

      885KB

    • MD5

      31bbcf0d50b50476c9c7dd8399a8a4ee

    • SHA1

      4405c5619e9d343f1f5ec995afd7f5e52793d2b6

    • SHA256

      9c8eb9c9b67abe15ffbe4d7589e59173f56a38a853bdb079362297270fdaf4d2

    • SHA512

      fcf0e96d023678f69e86fc6bf03699fdcd16b37aa75a963ae49655d1b1e8120fe5d49967b739ad4169d65d225b7e460f60e39cef1e042d463af69be70679016b

    • AgentTesla

Agent Tesla is a .NET-based information stealer and keylogger with remote access tool (RAT) capabilities; its early builds were written in Visual Basic .NET. It harvests saved credentials from browsers, email and FTP clients and exfiltrates them, here over SMTP to the host in the extracted config above.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

• Suspicious use of SetThreadContext

      Typically the final step of process hollowing: a loader starts a legitimate process suspended, overwrites its image with the payload and uses SetThreadContext to point the main thread at the injected code. On its own this is a heuristic, not proof of injection.
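The indicators above (the two file hashes, the SMTP exfiltration host and port from the extracted config, and the credential-store reads the signatures describe) can be turned directly into a hunt. The following is an added example, not part of the sandbox report: it runs a small classifier over constructed Sysmon-like events and groups hits per process, so a single process that touches FTP, browser and Outlook data and then talks to the configured SMTP host stands out. The file and registry paths for FileZilla, Chrome, Firefox, Thunderbird and Outlook profiles are assumed well-known locations, not something the report states.

```python
"""Hunt for the AgentTesla indicators in this report over constructed events.

Added example; not the sandbox's own code. Hashes, host and port are copied
from the report. Credential-store paths are assumed well-known locations.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Indicators copied from the report.
KNOWN_HASHES = {
    "a49d00a9871ef796b56370c6773587fd64107d00858df42e65a5b6c96d306d04": "sample (701KB)",
    "9c8eb9c9b67abe15ffbe4d7589e59173f56a38a853bdb079362297270fdaf4d2": "dhl_doc7348255141.exe (885KB)",
}
EXFIL_HOST = "smtp.waltartosto.com"
EXFIL_PORT = 587

# Credential stores the signatures say the payload reads (paths are assumptions).
FILE_PATTERNS = [
    (re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I), "reads FTP client data (FileZilla)"),
    (re.compile(r"\\Chrome\\User Data\\[^\\]+\\Login Data$", re.I), "reads browser credential store"),
    (re.compile(r"\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.I), "reads browser credential store"),
    (re.compile(r"\\Thunderbird\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.I), "reads email client profile data"),
]
REGISTRY_PATTERNS = [
    (re.compile(r"\\Software\\Microsoft\\Office\\[\d.]+\\Outlook\\Profiles\\", re.I), "accesses Outlook profiles"),
]


@dataclass(frozen=True)
class Event:
    kind: str      # "process" (target=sha256), "file" (path), "network" (host:port), "registry" (key)
    process: str   # image name of the acting process
    target: str


def classify(ev: Event) -> Optional[str]:
    """Return a finding label for one event, or None if it matches nothing in the report."""
    if ev.kind == "process":
        label = KNOWN_HASHES.get(ev.target.lower())
        return f"known AgentTesla artifact: {label}" if label else None
    if ev.kind == "network":
        host, _, port = ev.target.rpartition(":")
        if host.lower() == EXFIL_HOST and port.isdigit() and int(port) == EXFIL_PORT:
            return f"SMTP exfiltration to extracted C2 {EXFIL_HOST}:{EXFIL_PORT}"
        return None
    patterns = FILE_PATTERNS if ev.kind == "file" else REGISTRY_PATTERNS if ev.kind == "registry" else []
    for pat, label in patterns:
        if pat.search(ev.target):
            return label
    return None


def hunt(events: Iterable[Event]) -> Dict[str, List[str]]:
    """Group findings per process; a process stacking several of them is the infostealer."""
    findings: Dict[str, List[str]] = {}
    for ev in events:
        label = classify(ev)
        if label:
            findings.setdefault(ev.process, []).append(label)
    return findings


# Constructed event stream: the dropper from the report plus two benign processes.
SAMPLE_EVENTS = [
    Event("process", "dhl_doc7348255141.exe",
          "9c8eb9c9b67abe15ffbe4d7589e59173f56a38a853bdb079362297270fdaf4d2"),
    Event("file", "dhl_doc7348255141.exe", r"C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml"),
    Event("registry", "dhl_doc7348255141.exe", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    Event("file", "dhl_doc7348255141.exe", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event("network", "dhl_doc7348255141.exe", "smtp.waltartosto.com:587"),
    Event("file", "explorer.exe", r"C:\Users\alice\Documents\notes.txt"),
    Event("network", "outlook.exe", "smtp.office365.com:587"),
]

if __name__ == "__main__":
    for proc, labels in hunt(SAMPLE_EVENTS).items():
        print(proc)
        for label in labels:
            print("  -", label)
```

Run as-is it reports only dhl_doc7348255141.exe, with five findings; the benign Explorer and Outlook events produce nothing. Port 587 alone is not an indicator (legitimate mail clients use it too), so the network rule keys on the extracted host and only the host; swap the patterns for your telemetry's field names when running this over real Sysmon or EDR data.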

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                 Signatures  ID
  Credential Access   Credentials in Files      3           T1081
  Collection          Data from Local System    3           T1005
  Collection          Email Collection          1           T1114
