General

  • Target

    9945bf23a859272ab1ed1a68c37a75f0609e1b43030a5fa6ef4d12e7641df825

  • Size

    802KB

  • Sample

    220521-b1pckacgg3

  • MD5

    fb2d6c0ed73855657d640f5a88b8145e

  • SHA1

    c0430c8b10da1d43a83e2d5c812c3c8597d9b33b

  • SHA256

    9945bf23a859272ab1ed1a68c37a75f0609e1b43030a5fa6ef4d12e7641df825

  • SHA512

    5306d4af25724e256140a02fcd003744d32d2b3506fbe122bd1ab18d52d8df907811d05ca787794e15e1a9d76f4d64a36975ef40805feaa3206bb1cb471f77cc

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.kteadubai.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    bt3tw9wqh#B

Targets

    • Target

      Order#80704.exe

    • Size

      496KB

    • MD5

      660d4781735cf333d08824d98efa279d

    • SHA1

      c61f3476128cd2c8ff50b5851e66c42ad714843f

    • SHA256

      d569c0cfd280490ff1d726b75bca9e64be8352671e8aaf41b26e583c82690cfd

    • SHA512

      21e01a4fbf3ac8ceba8e246f2a3adbb7eed59eb43f5cc419e96f6fb38b5c937b09da4f35742da934b2908100b07377caef7784a7ff76a33889d8246e94831677

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and information stealer (commonly reported as written in Visual Basic .NET) that harvests credentials from browsers, FTP and email clients and exfiltrates them, here over SMTP to the host in the extracted config.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

    • Target

      Order#8548.exe

    • Size

      499KB

    • MD5

      9f52af692b997df95786dc14c22b8a44

    • SHA1

      84830cf35779cafa57970943cb5b40070067e9a4

    • SHA256

      b4207b682440113fab88288c35c84e6af33ba52aa5d82d0dcbc339c532672818

    • SHA512

      88536971d76de30034b641bb6a64bfc5758194fbc6654cefa0e2b4195b253136f00cade30f14695c1d6c59f0e72e7cb42f8a4e72608ddb8f0642761be083d257

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and information stealer (commonly reported as written in Visual Basic .NET) that harvests credentials from browsers, FTP and email clients and exfiltrates them, here over SMTP to the host in the extracted config.

    • CoreEntity .NET Packer

      A .NET packer (CoreEntity) that embeds the payload as a Bitmap object inside the assembly; the pixel data is decrypted at runtime to recover the payload before it is loaded.

    • AgentTesla Payload

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
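The signatures above (reads of FTP client, email client, browser and Outlook credential stores) together with the extracted SMTP exfiltration endpoint describe a collection-then-exfiltration pattern. The following is an added example, not part of the sandbox report, that matches constructed EDR-style telemetry against the indicators on this page. The hashes, C2 host and port are taken from the report; the event layout, the concrete credential-store paths and the owner-process allowlist are assumptions (typical install locations and process names), and the credential in the extracted config is the attacker's exfiltration mailbox, used here only as an indicator.

```python
"""Match host and network telemetry against the indicators in this report.

Added example (not part of the sandbox report). Hashes, C2 host and port are
from the report; event format, credential-store paths and owner processes
are assumptions resembling common EDR/Sysmon telemetry.
"""
import re

# SHA256/MD5 of the three files in the report (archive plus the two dropped EXEs).
SHA256_IOCS = {
    "9945bf23a859272ab1ed1a68c37a75f0609e1b43030a5fa6ef4d12e7641df825",
    "d569c0cfd280490ff1d726b75bca9e64be8352671e8aaf41b26e583c82690cfd",
    "b4207b682440113fab88288c35c84e6af33ba52aa5d82d0dcbc339c532672818",
}
MD5_IOCS = {
    "fb2d6c0ed73855657d640f5a88b8145e",
    "660d4781735cf333d08824d98efa279d",
    "9f52af692b997df95786dc14c22b8a44",
}
# Exfiltration endpoint from the extracted config (SMTP submission port).
C2_HOST = "mail.kteadubai.com"
C2_PORT = 587

# Credential stores the report's signatures describe. Paths are assumptions
# (typical locations), not values from the report. Third field: processes that
# legitimately read that store, so their own reads are not flagged.
CRED_STORE_PATTERNS = [
    (re.compile(r"\\FileZilla\\(recentservers|sitemanager)\.xml$", re.I),
     "ftp_client_config", {"filezilla.exe"}),
    (re.compile(r"\\Thunderbird\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.I),
     "email_client_profile", {"thunderbird.exe"}),
    (re.compile(r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\[^\\]+\\Login Data$", re.I),
     "browser_credentials", {"chrome.exe", "msedge.exe"}),
    (re.compile(r"^HKCU\\Software\\Microsoft\\Office\\[0-9.]+\\Outlook\\Profiles\\", re.I),
     "outlook_profile", {"outlook.exe"}),
]


def classify_event(ev):
    """Return the indicator names a single telemetry event matches."""
    hits = []
    kind = ev.get("type")
    proc = ev.get("process", "").lower()
    if kind == "file_create":
        if (ev.get("sha256", "").lower() in SHA256_IOCS
                or ev.get("md5", "").lower() in MD5_IOCS):
            hits.append("known_sample_hash")
    elif kind == "net_connect":
        if ev.get("dst_host", "").lower() == C2_HOST and ev.get("dst_port") == C2_PORT:
            hits.append("smtp_exfil_c2")
    elif kind in ("file_read", "reg_read"):
        for pattern, name, owners in CRED_STORE_PATTERNS:
            if pattern.search(ev.get("path", "")) and proc not in owners:
                hits.append(name)
    return hits


def triage(events):
    """Aggregate indicators per process and assign a verdict.

    A process that reads two or more distinct credential stores and also
    connects to the configured SMTP host matches the collection-then-
    exfiltration pattern described by the report's signatures."""
    per_proc = {}
    for ev in events:
        hits = classify_event(ev)
        if hits:
            entry = per_proc.setdefault(ev["process"], {"indicators": set(), "verdict": "suspicious"})
            entry["indicators"].update(hits)
    for entry in per_proc.values():
        stores = {i for i in entry["indicators"] if i != "known_sample_hash" and i != "smtp_exfil_c2"}
        if "known_sample_hash" in entry["indicators"]:
            entry["verdict"] = "wrote_known_sample"
        elif len(stores) >= 2 and "smtp_exfil_c2" in entry["indicators"]:
            entry["verdict"] = "agenttesla_pattern"
    return per_proc


# Constructed telemetry (not from the report) exercising each indicator.
SAMPLE_EVENTS = [
    {"type": "file_create", "process": "explorer.exe", "path": r"C:\Users\a\Downloads\Order#80704.exe",
     "sha256": "d569c0cfd280490ff1d726b75bca9e64be8352671e8aaf41b26e583c82690cfd"},
    {"type": "file_read", "process": "Order#80704.exe",
     "path": r"C:\Users\a\AppData\Roaming\FileZilla\recentservers.xml"},
    {"type": "file_read", "process": "Order#80704.exe",
     "path": r"C:\Users\a\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "reg_read", "process": "Order#80704.exe",
     "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"type": "net_connect", "process": "Order#80704.exe", "dst_host": "mail.kteadubai.com", "dst_port": 587},
    {"type": "net_connect", "process": "outlook.exe", "dst_host": "outlook.office365.com", "dst_port": 443},
    {"type": "file_read", "process": "filezilla.exe",
     "path": r"C:\Users\a\AppData\Roaming\FileZilla\sitemanager.xml"},
]

if __name__ == "__main__":
    for proc, result in triage(SAMPLE_EVENTS).items():
        print(f"{proc}: {result['verdict']} {sorted(result['indicators'])}")
```

The owner allowlist is what keeps FileZilla reading its own sitemanager.xml out of the results; without it, every launch of a browser or mail client would trip the credential-store rule. Matching on the SMTP host alone is deliberately not enough for the strong verdict, since a single connection to a legitimate mail server is weak evidence on its own.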

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique               ID     Count
  Credential Access  Credentials in Files    T1081  6
  Collection         Data from Local System  T1005  6
  Collection         Email Collection        T1114  2

The mapping uses ATT&CK v6 identifiers; in current ATT&CK versions T1081 is deprecated and this behaviour maps to T1552.001 (Unsecured Credentials: Credentials In Files).

Tasks