General

  • Target: e83f438494f2a173e3c178cd23398577fdfffd2f2315b97029ccc5025af38370
  • Size: 1.3MB
  • Sample: 220521-bmkgfsfbcm
  • MD5: 63e7285817e88126790f64830e4c2b92
  • SHA1: 6c0661ea4e482980e0689b8cf0fd3c31ebece477
  • SHA256: e83f438494f2a173e3c178cd23398577fdfffd2f2315b97029ccc5025af38370
  • SHA512: 4ad998e932a7476a93be7dafe2f7625640c71e812650816c6cf67d7c5d45f21a7b3070db9113422d30b6e272a748c071dab5f734cff5c7b7271d52f45847a0d4

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: smtp.privateemail.com
  • Port: 587
  • Username: [email protected]
  • Password: sparedone

Targets

    • Target: RFQ_5471.SCR
    • Size: 784KB
    • MD5: a191f8360b06414209e5d4e83239113c
    • SHA1: 607b66f2cb0a26a0c969bbbc19a2384844b81797
    • SHA256: e070c9b84487dcd9290a34f999f51202c1ab7810bbe060a9817d437c9a7840f2
    • SHA512: 3a61fb388db7db12223b9d5e66b67758cd348a6fee8c386b481c3c3c7c8acaa49d2d85c03bb07de58645d2fc450555ae0a84ee53f00cc3836c2dd10747b4871f

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks