General

  • Target

    711408471b885a72930b72e0d11c0124713d2b2bec2c9ddfd8c24562b1727e69

  • Size

    406KB

  • Sample

    220521-amqsssdddn

  • MD5

    21b8a94d4d9a6ebeefcd39e110124015

  • SHA1

    e8b28b87899cf1f42d7adfe5a1e339999e65df8d

  • SHA256

    711408471b885a72930b72e0d11c0124713d2b2bec2c9ddfd8c24562b1727e69

  • SHA512

    0b0fa89017a5851e7e1e9117c08a2aa7d2d6487f9c24b51278b4c452e01904a10246f8c53f9668690fbfe752c4151e337db87713fd4f43feb5f313566ceba3ce

Malware Config

Extracted

  • Family

    agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.avastragroup.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    *vVABUb9

Targets

    • Target

      Order.exe

    • Size

      447KB

    • MD5

      a5585c61696f798b764023501c3c2f23

    • SHA1

      2f077851223b1fdd94a9866098fb22a47abd26f7

    • SHA256

      7aa2e610774aeaede163770891fe671e27c484405eddb143631982f3cad77595

    • SHA512

      081c57fd3d622b0fd8f9e27a5353493f367d04ad8ec686d19c2aed8b56496433026dfd660c0c11dba3cd329f0fb9ffda9e65c5f1e47975160109cf957cadef62

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 3

  • Collection

    Data from Local System (T1005): 3

    Email Collection (T1114): 1

Tasks