General

  • Target

    8a01dd167473e79c66f53bcc414a5ca438c0d95033d6d8ea21d3ac3a6eafe33b

  • Size

    492KB

  • Sample

    220521-agla5aaca2

  • MD5

    9304cc725254f0f20512fe7c257ff5aa

  • SHA1

    3bca7df2f0dccf3d33660042e350b0b18b19b159

  • SHA256

    8a01dd167473e79c66f53bcc414a5ca438c0d95033d6d8ea21d3ac3a6eafe33b

  • SHA512

    8b7007ed0276f78a5aa91b368a506b7b6012b2df4a04e5a7e3c1e4243c57026d6bff854a8678c84576b3b261b32c7a32452a583581f958dd572fc28060bfe247

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    webmail.geral.com.pe
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    michael1790

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    webmail.geral.com.pe
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    michael1790

Targets

    • Target

      PO1159BL pdf.exe

    • Size

      779KB

    • MD5

      2888b6e0215298848cd4a265bb839291

    • SHA1

      af91231d46a4fa9cdeb6027307602a51cf47164e

    • SHA256

      6da0b5d0f2264121fc9dd33312a865f1ac584f66f1191be257138e6cdfc05336

    • SHA512

      4365b9aa010a2c194aa0d8d850a006d1a6a6f092f70b71bae754fa97ff0fc2adfae099075a808c3d0b8bec74c4107ee78ad1a68f01f23bd9de5b80289e47e192

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Credential Access

    Credentials in Files (T1081): 3

  • Collection

    Data from Local System (T1005): 3

    Email Collection (T1114): 1

Tasks