Overview

overview

10

Static

static

$45,520_180522.exe

windows7_x64

10

$45,520_180522.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    $45,520_180522.exe

  • Size

    590KB

  • Sample

    220521-axb3dsdheq

  • MD5

    3f16c99040943dd50a8df3d0f4d2ae12

  • SHA1

    2eeb4f24a92339b27c680d2330dd4c22dc129cf7

  • SHA256

    7fa32ef7677187129e2a8c47c3a846beebd2c18c154a00989d97e01cde9edb4a

  • SHA512

    3bfbe69961af3815c7d39df2fb40e01e878da35186d419f961bcd1b61e6275ab9cdb9717641294a43534fed24ddfb7ac6933f7b5b527bc03c95950f89c206308

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.silicainfotech.co.in
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Silica@abcd1234@#

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      $45,520_180522.exe

    • Size

      590KB

    • MD5

      3f16c99040943dd50a8df3d0f4d2ae12

    • SHA1

      2eeb4f24a92339b27c680d2330dd4c22dc129cf7

    • SHA256

      7fa32ef7677187129e2a8c47c3a846beebd2c18c154a00989d97e01cde9edb4a

    • SHA512

      3bfbe69961af3815c7d39df2fb40e01e878da35186d419f961bcd1b61e6275ab9cdb9717641294a43534fed24ddfb7ac6933f7b5b527bc03c95950f89c206308

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks