General

  • Target

    80171e582c0f387804f7a05a41bc80bce2739ccc82a8945b21b24ba66c1b821b

  • Size

    477KB

  • Sample

    220521-ajtehsach9

  • MD5

    d19f8baaffe99d264dbd0a99caf322ac

  • SHA1

    8a4fedbd0c29df8e3ccd004b761deddbafdacae9

  • SHA256

    80171e582c0f387804f7a05a41bc80bce2739ccc82a8945b21b24ba66c1b821b

  • SHA512

    7d36146ea77473c921992b46ddff484aecbd5d0b1d7d17b1b1db6773f8f4213aeeda878db78be3e5a30c3d4b0aa5019927cfba0ff621cb8cdff1858beb5dcf34

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.moorefundz.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    g7g2Ig?Aeh_+

Targets

    • Target

      scan009567443_pdf.exe

    • Size

      732KB

    • MD5

      c13e2f086b165bbc7a0faabfc14c9684

    • SHA1

      e18adf1bcc29a654dbaaf9a12cf67756c2fd23fd

    • SHA256

      fa2e9aca8e9942fbbad7006322243788563664b0b19ea83262959a5fec2f8b4c

    • SHA512

      f1e0193309d76a52a043f06b853a225d4e94621282a2bea23098ed135b8df933ebc4ff98f3a53af91cda85cb837671a50ea097de18b52a9c599aa384a3b777bb

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                Count   ID
  Credential Access   Credentials in Files     3       T1081
  Collection          Data from Local System   3       T1005
  Collection          Email Collection         1       T1114

Tasks