Overview

overview

10

Static

static

KAFA_item ...DF.exe

windows7_x64

10

KAFA_item ...DF.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    421998b18243e4a5f973520d121c4c3bc2a596472a728fa4d2d658e6175df81a

  • Size

    484KB

  • Sample

    220521-aybs1seaan

  • MD5

    543b1e566be6fc8612e0204195ba30f1

  • SHA1

    986caf05f23ae3449d70a9b2454dcaa25d2d74b6

  • SHA256

    421998b18243e4a5f973520d121c4c3bc2a596472a728fa4d2d658e6175df81a

  • SHA512

    b4a32c205b2f3d85cbabce9433b407159ea39ec9506d0fdd8f68e6e228afa3ce4eea87fce19a485aff327da4dffb40e489677d7097b3282f31a442e1c099aca7

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    blessing2020

Targets

    • Target

      KAFA_item sheet_7282020_PDF.exe

    • Size

      602KB

    • MD5

      7ec820bf892a68ed5c1ff519e3719d00

    • SHA1

      0f220db3b4f624c54b0b50bb507ee7adec9d56d7

    • SHA256

      7f0fb6cbeb67d61d2fcf55c3e9496eee625be53db7e4e0a6321403efd9f8f7c8

    • SHA512

      b2d7482a91317b1469cb8151def49409de96ba272c5d4f4dd33b39d8d7844dc91f52aaa99b5bc8c9a079535d22d9e1c89ddab3e8cd4f0e0c3cf4862bd75fb354

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks