General

  • Target: 6befcdf2818c8ec03dd132213e4fcc916b3826f8941f1f38d707a45b7a2599c5
  • Size: 582KB
  • Sample: 220521-any6kaaee5
  • MD5: 53508173e74029c1654a2fc28d27af27
  • SHA1: 92bd970756536cf028c898520545d26baf45ad64
  • SHA256: 6befcdf2818c8ec03dd132213e4fcc916b3826f8941f1f38d707a45b7a2599c5
  • SHA512: 97d5b03b4cc6808a2ff6fd1d5bd5c44a130f32dc641a30b646efda32274cbb25810c4add3aaba35c23579700507524fd9172e0b58e062040c841589e7201f8b6

Malware Config

Extracted

  • Family: agenttesla

Credentials

  • Protocol: smtp
  • Host: smtp.moorefundz.com
  • Port: 587
  • Username: [email protected]
  • Password: g7g2Ig?Aeh_+

Targets

  • Target: BL draft FORM_xls.exe
  • Size: 762KB
  • MD5: 99996216855c81d9cc40d112468cfc26
  • SHA1: 76e36c04c6fc6fd81a35b777df3f7c24feae524a
  • SHA256: 7b8df140852947533df21149c9bcb88be9cf040440dfb8f5eb7140171d67ce52
  • SHA512: 82aec45d3f0545e5639a075991fcc303258c64baf9653b7d45554fc9ba88de8cb6f9b9b15cfc9c2308ec798457494429ec2fbf8cb17565b36940ecaa5bd28789

Signatures

  • AgentTesla
    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Reads data files stored by FTP clients
    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of local email clients
    Email clients store some user data on disk, where infostealers will often target it.

  • Reads user/profile data of web browsers
    Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

  • Accesses Microsoft Outlook profiles

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                 Hits  ID
  Credential Access   Credentials in Files      3     T1081
  Collection          Data from Local System    3     T1005
  Collection          Email Collection          1     T1114

Tasks