General

  • Target

    8ca6094f26c01b9c4bff58dd951d7317030e95e65ba13570adfe1832bd06084b

  • Size

    878KB

  • Sample

    220521-afxyjaabg3

  • MD5

    b402d072c863f2c7b44e952dcb60e8a9

  • SHA1

    34055f8c9fee048c8627aae3cbb09ff9981041df

  • SHA256

    8ca6094f26c01b9c4bff58dd951d7317030e95e65ba13570adfe1832bd06084b

  • SHA512

    01f5e4c891cd314052e7731a3b3ccc75bf1d35889f29ad7481a40bffa1e7ee1f2b69f15e31a42a50764d2265bbe33e0a2469272c45cc36c9d4d1ec1664324fb5

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: smtp.yandex.ru
  • Port: 587
  • Username: [email protected]
  • Password: babaanu12345

Targets

    • Target

      New Order 2020. PDF File.exe

    • Size

      1.1MB

    • MD5

      45b1298dc7a0795c366aa8facded3a93

    • SHA1

      3958ce94bd5c0345a8b3d7c7ad32a0b780a33efc

    • SHA256

      aee0659a73d3ce6eaaeafcfe545290f95e8e52c3f640fca9fcdb984a17ee27c0

    • SHA512

      698092a1c3986e16e2a876bb5b9d296b7b2ce222c53acbd503faf5df9b5140b28d29c7837e456d8641af7b57e5118dde13e02e5eb45635c3c60284c04fa76ed9

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

  • Credentials in Files (T1081): 3

Collection

  • Data from Local System (T1005): 3

  • Email Collection (T1114): 1