General

  • Target

    6cc1c68eb132a4fe14a971f09c31b346ffba640815a9431ad905b13b509166a7

  • Size

    222KB

  • Sample

    220521-anmgrsaec9

  • MD5

    0335694b8fd3ec69e882fca4b0cf75af

  • SHA1

    a8368a4c1c3fe02845f973cfe2473d3f0aa22c2f

  • SHA256

    6cc1c68eb132a4fe14a971f09c31b346ffba640815a9431ad905b13b509166a7

  • SHA512

    32478b4b33f78d1a5d00de4943fb7bc858d1d87c05ffc9bbbb96d4bfac8b8701fe0d1b09aaaa34fc689ea05ccf267fd12bc8c65a4e2d9ae69d1fea3f4fd910e9

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.flood-protection.org
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    cjboss2424@

Targets

    • Target

      Consignment Details_pdf.exe

    • Size

      632KB

    • MD5

      73daf3aeb8744eb8ff3f16b41466e02c

    • SHA1

      cc1e13d19617f0d1bf2838ed930fe1a4d5fc19b9

    • SHA256

      ec5ddee4daf077b22c49a35f10c16a4c2f191e3a125ce1b3f26b01fe7ad619cf

    • SHA512

      11542663e06f791ebb93db0f03d543c03a17a2811a2b097ed977b21aaac100ea801b4535656cad03795d034137291a6d37539466f3d281a123516522fa2cbcee

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Credential Access

    Credentials in Files (T1081): 3

  • Collection

    Data from Local System (T1005): 3

    Email Collection (T1114): 1
