General

  • Target

    096d05642c1e92342e95b97825447c080d63be39c25e870c2a1ca8e17eeecb71

  • Size

    390KB

  • Sample

    220521-bces8abfg4

  • MD5

    826818713790994d8e26f8c5762610cd

  • SHA1

    6ed949ed350c65b2c67327cc5d3df141748ed0c7

  • SHA256

    096d05642c1e92342e95b97825447c080d63be39c25e870c2a1ca8e17eeecb71

  • SHA512

    43996d6299dd0852c9dbf3d6ad24d6e030adf04d4c9a3e5dc4ac544530c32b15309aca0d81479a4ec61a6c50f769f9a74f53510d3e82af62d0c7cf99a853a6fe

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.privateemail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    @damienzy.xyz2240

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.privateemail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    @damienzy.xyz2240

Targets

    • Target

      technical requirement.exe

    • Size

      442KB

    • MD5

      47ee6d7bbfce07dc6ef3534e002583f6

    • SHA1

      907690f794bd018d8131dd527a8022a24eb91822

    • SHA256

      f688b463a057afb9a38b9c380035f17579bc1f4b12b8041a5c5f388d11ff9158

    • SHA512

      aeed898ef3f6cbba61412e3097e3831ffed539afcb7c75635fc7c8215e59c3fbca6a271efa2d50fa73d5684da064b27742e7a39c685f532abff442ce885e57a1

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution
    Scheduled Task (1) T1053

  • Persistence
    Scheduled Task (1) T1053

  • Privilege Escalation
    Scheduled Task (1) T1053

  • Discovery
    Query Registry (1) T1012
    System Information Discovery (2) T1082

  • Collection
    Email Collection (1) T1114

Tasks