General

  • Target

    695b31784c56f2c72dc57a0f354326ac71b374300e0370d64f70cac29e963876

  • Size

    465KB

  • Sample

    220521-bkg9bafacq

  • MD5

    368e8738d3e4d31540f07bd65725d46b

  • SHA1

    baf571b92436b9901ece1b5887ae478e10c3eb3e

  • SHA256

    695b31784c56f2c72dc57a0f354326ac71b374300e0370d64f70cac29e963876

  • SHA512

    ec2f96724b66599c5183ed3e51b56404a9857bcf7ba057dda479cac045a670f763e2135ebd2362b4e3be8ff24d91f6aae92a7489c81ef7657ba855505d4231bb

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.ikrrispharmanetwork.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Q5Ab{kp_p0?a

Targets

    • Target

      Offer Require #200444.exe

    • Size

      773KB

    • MD5

      92d133a476a560d79719e064e5f13632

    • SHA1

      fa56651160469f0766ad473627ced8ec3b5b17e1

    • SHA256

      d58f997b8ee320ecd735457793e3f266ad3108dcc3306274431fe34c22f903fb

    • SHA512

      af16c739675e80f67d4afcf933a91edda0b19c31114ae86b5a701209257638426812045f12f8c241cf6dfbd947efa53a63af497d7c82c48b74ae13b3c02ba1f8

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6