General

  • Target

    8d27b3abd4deefc22f25185095ae7718b2eb52ba563d68cc687b49f216820a16

  • Size

    514KB

  • Sample

    220521-aftwwaabf7

  • MD5

    1bca6f9ba38960040adb64ce6a653b9c

  • SHA1

    db2f9c7911c642adc1aa40e108a9657503e4ea42

  • SHA256

    8d27b3abd4deefc22f25185095ae7718b2eb52ba563d68cc687b49f216820a16

  • SHA512

    402a94c8e577fc848f5266475010b8c7139329714540a114441e7b40a91e2cece24fdffb882b2daa853d67b6658d8126d020dacbdbf719e050cc480887b44722

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.sinantombul.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    ZF@6R2?&kZh!

Targets

    • Target

      SUL-MR-MS-0005 Silo.exe

    • Size

      655KB

    • MD5

      3b5943fa64cdcc61fbbc7c610264f21f

    • SHA1

      cca33abddbbe28dbd21908e506cea109632e0c79

    • SHA256

      595326dac30807128a4e02eba50b7b26797f836796852f75dc6bbd32e955f5e0

    • SHA512

      5f059b69f3335f3d1c3ab84f2ab2c67315ad4ff971e7b740fa7163fa89f26e43dce80ac0e94314dd1597b6f43ab62cc3d6bbe32887ec520a4684c959d777d6c9

    • AgentTesla

      Agent Tesla is a .NET information stealer and remote access tool (RAT), originally written in Visual Basic .NET.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store profile data, including account settings and saved credentials, on disk; infostealers commonly target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used by process hollowing and injection loaders to point a suspended thread at code written into another process.
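The behaviours listed above (reading FTP client, email client and browser credential stores) plus the extracted SMTP exfil endpoint give enough to write a host-side correlation rule. The following is an added example, not part of this sandbox report or of any Triage tooling: it runs detection logic over constructed EDR-style events, flags non-owner processes that read known credential stores, tags the matching ATT&CK v6 IDs the report uses, and raises severity when the same process then talks SMTP, highest when the destination is the report's `mail.sinantombul.com:587`. The store paths, owner-process names and event schema are assumptions (default install locations, illustrative telemetry format).

```python
"""Correlate infostealer-style credential-store reads with SMTP exfil.

Added example, not code from the sandbox report. Event records and paths are
constructed to resemble EDR telemetry; the exfil host/port are taken from the
report's extracted AgentTesla config. Store locations assume default installs.
"""
import re
from collections import defaultdict

# Well-known credential/profile stores (assumed default locations).
STORE_INDICATORS = {
    "ftp_client": [
        re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I),
    ],
    "email_client": [
        re.compile(r"\\Thunderbird\\Profiles\\.*\\(logins\.json|key4\.db)$", re.I),
        re.compile(r"\\Software\\Microsoft\\Office\\[\d.]+\\Outlook\\Profiles", re.I),
    ],
    "browser": [
        re.compile(r"\\User Data\\[^\\]+\\Login Data$", re.I),   # Chromium family
        re.compile(r"\\Firefox\\Profiles\\.*\\logins\.json$", re.I),
    ],
}
# Processes that legitimately own each store (assumed; tune per environment).
OWNERS = {
    "ftp_client": {"filezilla.exe"},
    "email_client": {"outlook.exe", "thunderbird.exe"},
    "browser": {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"},
}
# ATT&CK v6 IDs as used by the report's matrix.
ATTACK = {
    "ftp_client": {"T1005", "T1081"},
    "browser": {"T1005", "T1081"},
    "email_client": {"T1005", "T1081", "T1114"},
}
EXFIL_C2 = ("mail.sinantombul.com", 587)   # SMTP host/port from the extracted config
SMTP_PORTS = {25, 465, 587}


def exe_name(image):
    """Lower-cased file name of a process image path."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def store_touched(image, target):
    """Return the store category read by a process that does not own it, else None."""
    name = exe_name(image)
    for category, patterns in STORE_INDICATORS.items():
        if name in OWNERS[category]:
            continue                       # the owning application reading its own data
        if any(p.search(target) for p in patterns):
            return category
    return None


def detect(events):
    """Per-process correlation: credential-store reads, then SMTP connections."""
    touched, smtp = defaultdict(set), defaultdict(list)
    for ev in events:
        pid = ev["pid"]
        if ev["type"] in ("file_read", "reg_read"):
            cat = store_touched(ev["image"], ev["target"])
            if cat:
                touched[pid].add(cat)
        elif ev["type"] == "net_connect":
            host, port = ev["target"].rsplit(":", 1)
            if int(port) in SMTP_PORTS:
                smtp[pid].append((host, int(port)))
    findings = {}
    for pid, cats in touched.items():
        techniques = set().union(*(ATTACK[c] for c in cats))
        if any(dst == EXFIL_C2 for dst in smtp[pid]):
            severity = "critical"          # known AgentTesla exfil endpoint
        elif smtp[pid]:
            severity = "high"              # store read + SMTP from a non-mail client
        else:
            severity = "medium"
        findings[pid] = {"stores": cats, "techniques": techniques,
                         "smtp": smtp[pid], "severity": severity}
    return findings


# Constructed telemetry: the sample (named as in the report) harvesting three
# stores and then connecting to the configured SMTP server, plus two benign events.
SAMPLE_IMAGE = r"C:\Users\victim\Downloads\SUL-MR-MS-0005 Silo.exe"
SAMPLE_EVENTS = [
    {"pid": 4242, "image": SAMPLE_IMAGE, "type": "file_read",
     "target": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 4242, "image": SAMPLE_IMAGE, "type": "file_read",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4242, "image": SAMPLE_IMAGE, "type": "reg_read",
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"pid": 4242, "image": SAMPLE_IMAGE, "type": "net_connect",
     "target": "mail.sinantombul.com:587"},
    {"pid": 100, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "type": "file_read",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 200, "image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "type": "net_connect", "target": "smtp.office365.com:587"},
]

if __name__ == "__main__":
    for pid, f in detect(SAMPLE_EVENTS).items():
        print(pid, f["severity"], sorted(f["stores"]), sorted(f["techniques"]), f["smtp"])
```

Only the sample process is reported: Chrome reading its own Login Data and Outlook using SMTP are owner activity and stay silent. In production the owner lists and store paths need tuning (portable installs, non-default profile directories), and the SMTP correlation should be widened to the other ports and hosts the sample may be configured with.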

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic             Technique               Count  ID
Credential Access  Credentials in Files    3      T1081
Collection         Data from Local System  3      T1005
Collection         Email Collection        1      T1114

Note: the IDs follow ATT&CK v6 as labelled; T1081 was deprecated in later ATT&CK versions and its content now sits under T1552.001 (Unsecured Credentials: Credentials In Files).
