Overview

overview

10

Static

static

Request fo...0).exe

windows7_x64

10

Request fo...0).exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    34bcf90ffa1f2ab93a15141dbe3fb009dfb862e9037a53749ea1193868bdf616

  • Size

    444KB

  • Sample

    220521-bjqt3abhf9

  • MD5

    f21006618e68630fa3e1af5af3c797c9

  • SHA1

    a3d2c546f8eda45f0f3749549ade837a2428ae1a

  • SHA256

    34bcf90ffa1f2ab93a15141dbe3fb009dfb862e9037a53749ea1193868bdf616

  • SHA512

    e02b5110d5b0263d74a7cd57afecc2a0ba8bed41f7f3ddeadf33732cb99d0b1724a68fde8460d4ea429e8fa2495052a0669c1dcf2d37670f097492001ad54bc7

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.ru
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    hygiene@789

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.ru
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    hygiene@789

Targets

    • Target

      Request for Quotation - (146-22101100).exe

    • Size

      676KB

    • MD5

      6fe9e9e0ed7ef34a25022f6c00008517

    • SHA1

      bb1ac7ae84c34fa9b1a92456de7136bdc9ae9d68

    • SHA256

      bb94a881c3aa20c54450ee7d907eae152aa667a7a3280f7b00b44051d92322f5

    • SHA512

      a1df6a91b2ef43bd4038f69a807587b4953bdc353e13f13925f18fb733431fed81a2a1d25d738a4c578c35fcd5346664b68160ba5a4ebd8b5613dc5e9a0b99b1

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks