Overview

overview

10

Static

static

Galaxy Ace.exe

windows7_x64

10

Galaxy Ace.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9070fceadad5f30b14823568d3b87a1526688c0db092aa0d9c6ac43bd7f04fe3

  • Size

    414KB

  • Sample

    220521-ae7rcadacp

  • MD5

    9f61d7dce9a70ffff6ae6899c153e6c8

  • SHA1

    c12581b613487e0c5dfe272bead8fce5003cbca3

  • SHA256

    9070fceadad5f30b14823568d3b87a1526688c0db092aa0d9c6ac43bd7f04fe3

  • SHA512

    01d96f4e3fade915530c168fa24733a7e3e8a2ee6087f5b32343d18240261b3604863272eab270bef75071e75aac13be2f39d5980d81194b0590123a93cc779d

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.foodanddesign-lb.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    yarze@2018

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.foodanddesign-lb.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    yarze@2018

Targets

    • Target

      Galaxy Ace.exe

    • Size

      741KB

    • MD5

      b7607aabcd101fa943ede800f7c20d34

    • SHA1

      77b0a5ebe742c83858fa2e147c6b7feeb218551c

    • SHA256

      fa8867e0f92f5f0bf3fee15c02e4d4513d6b79928a12f73d7cc98abe382ba182

    • SHA512

      a153d2e57666444371e9f1cb06cea5c34cd36d9bf40738846bbdf071625870aab4d0b6f4ac07b92877d6df9bee34a7166df617a811d60e32b356beddd51113b8

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks