Overview

overview

10

Static

static

LDR Quote - 014.exe

windows7_x64

10

LDR Quote - 014.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9c97b3875f9ae3d3e19bd4463dd1e848afed5dcd78ae9951c8cf72cc25d28864

  • Size

    431KB

  • Sample

    220521-bkcc3abhh6

  • MD5

    05f363a812190a78314556b1ec76826a

  • SHA1

    ad73c555db944ba00f0545ecbebe84f89d9715bb

  • SHA256

    9c97b3875f9ae3d3e19bd4463dd1e848afed5dcd78ae9951c8cf72cc25d28864

  • SHA512

    2e506ca8778513dddf8f232883006ef7221ed92ea1356579f8758a8c138135d916003405b6fdb674e1823d93b9a774e83ccabf64a1618859804fe5ee1f7ca10f

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.ru
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Mix2lower12?..

Targets

    • Target

      LDR Quote - 014.exe

    • Size

      804KB

    • MD5

      eb909348dd9474bd37ff32c9e314e617

    • SHA1

      6c1bad83c65120f65477f5c7c2f92e313d9a707b

    • SHA256

      f3ef6817953ca158c6659bc08c6bbcc27f834a7143426910383e79030109fd2c

    • SHA512

      9de7fb1c3be177a9d7a471578fa969fe11562b639b835c672620b6cd061b7f2a2096f8b83bde5f1c8ca01d467ac1f795f3d82cccdb27954ad99bcc1fcc509de5

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Drops startup file

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks