Overview

overview

10

Static

static

Earing sample.exe

windows7_x64

10

Earing sample.exe

windows10-2004_x64

10

Order.exe

windows7_x64

1

Order.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2d32807c973d629ca652f791cf01d802eca58b099fde691b4b33c7ae98cb7fb0

  • Size

    711KB

  • Sample

    220521-b2ff2scha6

  • MD5

    b84bd1b1eef8b374710175d71318f612

  • SHA1

    79cf6975c17ac2cc1490040fb7a3a8ce58a05d82

  • SHA256

    2d32807c973d629ca652f791cf01d802eca58b099fde691b4b33c7ae98cb7fb0

  • SHA512

    5b591701f5a1af94787b93fe81273b544c7fc5d63bed23c6d5554dd7969ba6ec6b192e6e3e0f2c6ceaf5a1b06bc2d3ab7892d583fee69bbe8d04e11cd6a37bc8

Score
10/10
agentteslacollectionkeyloggerrezer0spywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.megaworldcorps.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    UBx@@re1

Targets

    • Target

      Earing sample.exe

    • Size

      388KB

    • MD5

      54ea8a84f32926bccd4d9371aa32a2a7

    • SHA1

      38c3a0d14279074d63ccd5a4edf915d87636d365

    • SHA256

      bee7335822adad100e62824cc28283de9513e8d3141752a7f52a0cbe8b2f0342

    • SHA512

      b18c3187223d5ef59201d80f7e3fae59e7658b4de3e3532193c9bd5ca1758946f7a4e0a64dfaa7409c0e77b04f5419c156f874d581980fe55e34257f5f818841

    Score
    10/10
    agentteslacollectionkeyloggerrezer0spywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      Order.exe

    • Size

      406KB

    • MD5

      857b36a2bf6985204266d05d96541240

    • SHA1

      7ef268aeba1d647208cda6b527da08d5ea9825c5

    • SHA256

      2c1988b65fec7b60932b4ecdd808c99f026ef9e6e97244b56ebbe629a22c1e4d

    • SHA512

      5cd4d6704818097e838d75339ac4a8cf186bf761f21af997ab090122cc450cec985cde47f19924d26224a2948d23a7df69268ab0b999e1839205bb2a781597db

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

6
T1081

Discovery

Lateral Movement

Collection

Data from Local System

6
T1005

Email Collection

2
T1114

Exfiltration

Command and Control

Impact

Tasks