General

  • Target

    1e476a5cc09807de055c55798df681268989a738456c534d4bfdcb82781f9d07

  • Size

    379KB

  • Sample

    220521-bb42qaegak

  • MD5

    9fb88f3a0fa809313d8dfe92d12f8064

  • SHA1

    204723642d6e19d22b8ec69e532be9dcbcb3a080

  • SHA256

    1e476a5cc09807de055c55798df681268989a738456c534d4bfdcb82781f9d07

  • SHA512

    e438accfadf342eb605af422fae5cc44f006f0590d3edfcf26a2230273c04f2f5a9c4eff11befdc328207b45f5419950dec6097b98d868ee333f741f196b20d2

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.pharco--corp.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    (UxyAlp7
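The six file hashes in this report and the extracted SMTP exfiltration endpoint (host, port 587) are the indicators a responder hunts with. The script below is an added example, not part of the report or of any sandbox tooling: it embeds those indicators, computes all four digests of a file in one pass so any hash the report lists can be matched, and scans a connection log for traffic to the exfil host or to an unapproved mail server on the submission port. The CSV log lines and the "approved relay" list are constructed for the demo.

```python
"""IOC hunting for the AgentTesla sample in this report (added example).

Hash and network indicators are copied from the report; the log lines and
file contents used below are constructed, not sandbox telemetry.
"""
import csv
import hashlib
from io import StringIO
from typing import Dict, List, Tuple

# File hash IOCs from the report's "General" and "Targets" sections.
HASH_IOCS: Dict[str, str] = {
    # dropper (379KB)
    "9fb88f3a0fa809313d8dfe92d12f8064": "dropper",
    "204723642d6e19d22b8ec69e532be9dcbcb3a080": "dropper",
    "1e476a5cc09807de055c55798df681268989a738456c534d4bfdcb82781f9d07": "dropper",
    # extracted payload "Company Profile.exe" (419KB)
    "49a035dc1136ee719a29a7a359cfc24f": "Company Profile.exe",
    "749a09ddde927c7e02f4b94a2ef4ca9776a5dc17": "Company Profile.exe",
    "759084fe8aec51cc1cd648c78a6319f862bf78c41aca7f6357bbca5eb7373e93": "Company Profile.exe",
}

# Exfiltration endpoint from the extracted config (note the doubled hyphen; match it exactly).
EXFIL_HOST = "smtp.pharco--corp.com"
EXFIL_PORT = 587

DIGESTS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> Dict[str, str]:
    """All four digests of an in-memory blob, computed in a single pass."""
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same digests as hash_bytes, streamed so large samples are not read whole."""
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: Dict[str, str]) -> List[str]:
    """Return the IOC labels matched by any of the digests (case-insensitive)."""
    hits = {HASH_IOCS[d.lower()] for d in digests.values() if d.lower() in HASH_IOCS}
    return sorted(hits)


def scan_connection_log(log_text: str) -> List[Tuple[str, str, str, int]]:
    """Flag connections to the exfil host, and any process using port 587 to a
    host outside the approved relay list (an assumed policy for the demo)."""
    approved_smtp = {"smtp.office365.com"}  # constructed corporate relay
    hits = []
    for row in csv.DictReader(StringIO(log_text)):
        host = row["dst_host"].lower()
        port = int(row["dst_port"])
        if host == EXFIL_HOST or (port == EXFIL_PORT and host not in approved_smtp):
            hits.append((row["ts"], row["process"], host, port))
    return hits


# Constructed connection log (not from the sandbox run).
SAMPLE_LOG = """ts,process,dst_host,dst_port
2022-05-21T10:15:02Z,outlook.exe,smtp.office365.com,587
2022-05-21T10:15:09Z,Company Profile.exe,smtp.pharco--corp.com,587
2022-05-21T10:15:11Z,chrome.exe,www.example.com,443
"""

if __name__ == "__main__":
    print(match_iocs(hash_bytes(b"harmless test content")))  # no IOC hit expected
    for hit in scan_connection_log(SAMPLE_LOG):
        print("exfil candidate:", hit)
```

Hashing all four digests in one read matters in practice: other feeds may only give you an MD5 or SHA1 for the same sample, and the doubled-hyphen host is the kind of indicator that a DNS or proxy log search will miss if it is typed from memory.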

Targets

    • Target

      Company Profile.exe

    • Size

      419KB

    • MD5

      49a035dc1136ee719a29a7a359cfc24f

    • SHA1

      749a09ddde927c7e02f4b94a2ef4ca9776a5dc17

    • SHA256

      759084fe8aec51cc1cd648c78a6319f862bf78c41aca7f6357bbca5eb7373e93

    • SHA512

      3f5cc930c686cc98874e09a61e6cbd1e9803ee3a6df53ea1204fff104687efbb6c046c1a04e0b1aee46cfad77dad37c7a36bc61fc41286682b980e1d10330b28

    • AgentTesla

      Agent Tesla is a .NET-based information stealer and remote access tool (RAT) written in Visual Basic. It harvests saved credentials from browsers, email clients and FTP clients and exfiltrates them over SMTP, FTP or HTTP; this sample uses the SMTP account in the extracted config above.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla (for example sitemanager.xml and recentservers.xml, which store saved hosts, usernames and passwords).

    • Reads user/profile data of local email clients

      Email clients store account settings and often saved passwords on disk, which infostealers target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses Microsoft Outlook profiles

      Outlook profiles, stored in the registry under HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles, hold account settings and stored mail passwords protected with DPAPI, which any process running as the logged-on user can decrypt.

    • Suspicious use of SetThreadContext

      SetThreadContext on a suspended process is the final step of process hollowing: the injected payload's entry point is written into the thread's context before the thread is resumed, so the real AgentTesla payload runs inside a legitimate-looking process.
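Each signature above is, on its own, also legitimate behaviour: FileZilla reads its own site manager, Outlook reads its own profiles. What distinguishes the sample is one process touching credential stores of several unrelated applications and using a thread-context API. The script below is an added example, not part of the report or of any vendor's detection logic: it correlates constructed EDR-style events per process and flags a process that reads two or more unrelated credential stores, or one store while also calling SetThreadContext. The store paths are typical defaults assumed for the demo; the events are made up to mirror the signatures the sandbox fired on.

```python
"""Behavioural correlation for the credential-access signatures in this report
(added example). Events are constructed (process, event_type, target) tuples
standing in for EDR telemetry; the store paths are assumed defaults."""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

Event = Tuple[str, str, str]  # (process, "file_read" | "reg_read" | "api_call", target)

# Credential stores each report signature refers to, as regexes over normalised
# (lower-case, forward-slash) paths. Defaults are assumed; extend per environment.
CRED_STORE_PATTERNS: Dict[str, List[str]] = {
    "ftp_client":   [r"/filezilla/(sitemanager|recentservers)\.xml$", r"/winscp\.ini$"],
    "email_client": [r"/thunderbird/profiles/[^/]+/(logins\.json|key4\.db)$"],
    "browser":      [r"/(chrome|microsoft/edge)/user data/[^/]+/login data$",
                     r"/firefox/profiles/[^/]+/(logins\.json|key4\.db)$"],
    "outlook":      [r"^hkcu/software/microsoft/office/\d+\.\d+/outlook/profiles/"],
}
COMPILED = {cat: [re.compile(p) for p in pats] for cat, pats in CRED_STORE_PATTERNS.items()}

# Thread-context APIs used for process hollowing ("Suspicious use of SetThreadContext").
INJECTION_APIS: Set[str] = {"SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext"}


def normalise(target: str) -> str:
    """Windows paths and registry keys to a single comparable form."""
    return target.replace("\\", "/").lower()


def classify(event_type: str, target: str):
    """Map a file or registry read to a credential-store category, or None."""
    if event_type not in ("file_read", "reg_read"):
        return None
    path = normalise(target)
    for cat, regs in COMPILED.items():
        if any(r.search(path) for r in regs):
            return cat
    return None


def score_processes(events: Iterable[Event]) -> Dict[str, dict]:
    """Per process: set of credential-store categories touched and an injection flag."""
    state = defaultdict(lambda: {"categories": set(), "injection": False})
    for proc, etype, target in events:
        if etype == "api_call" and target in INJECTION_APIS:
            state[proc]["injection"] = True
            continue
        cat = classify(etype, target)
        if cat:
            state[proc]["categories"].add(cat)
    return dict(state)


def suspicious(events: Iterable[Event]) -> List[str]:
    """A legitimate client reads its own store (one category). Flag a process that
    reads two or more unrelated stores, or one store plus a thread-context write."""
    out = []
    for proc, s in score_processes(events).items():
        n = len(s["categories"])
        if n >= 2 or (n >= 1 and s["injection"]):
            out.append(proc)
    return sorted(out)


# Constructed events mirroring the signatures the sandbox fired on.
SAMPLE_EVENTS: List[Event] = [
    ("Company Profile.exe", "api_call", "SetThreadContext"),
    ("Company Profile.exe", "file_read", r"C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml"),
    ("Company Profile.exe", "file_read", r"C:\Users\alice\AppData\Roaming\Thunderbird\Profiles\x1.default\logins.json"),
    ("Company Profile.exe", "file_read", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("Company Profile.exe", "reg_read", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    ("filezilla.exe", "file_read", r"C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml"),
    ("explorer.exe", "file_read", r"C:\Users\alice\Documents\report.docx"),
]

if __name__ == "__main__":
    for proc, s in score_processes(SAMPLE_EVENTS).items():
        print(proc, sorted(s["categories"]), "injection=%s" % s["injection"])
    print("flagged:", suspicious(SAMPLE_EVENTS))
```

The threshold is the point: filezilla.exe reading sitemanager.xml is one category and stays quiet, while the dropped "Company Profile.exe" touches four stores and a thread-context API. In real telemetry the process name is the injected host process after hollowing, so key the correlation on process identity (PID plus start time), not the image name.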
