General

  • Target

    e76d6da122bcc06d411f538e4eee5606d2d85920f5651613b3f6f2e41b197c37

  • Size

    491KB

  • Sample

    220521-bmn5msfbcn

  • MD5

    0a03d820986e1de9b235abc8d10df3d8

  • SHA1

    349c04fad86f158d599bcf1d8ef1648ebd69807a

  • SHA256

    e76d6da122bcc06d411f538e4eee5606d2d85920f5651613b3f6f2e41b197c37

  • SHA512

    9aae3baf3ed8051800adb2c847d1eab90ad3eea28397b2a2ef360a906a8710590615a05e5ce0482199df8babd67785e77ba4cbb8bd1cf83199feff7fe936b79e

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.greenleaf.co.ke
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    nassir@321
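
The extracted configuration above is an SMTP drop: the stealer authenticates to mail.greenleaf.co.ke on the submission port (587) and mails collected credentials out. The following is an added example, not part of the sandbox report, showing how those config values turn into a network-side detection. It assumes a simplified, constructed connection-log format (timestamp|process|src_ip|dest_host|dest_port) and an allowlist of processes that may legitimately speak SMTP from a workstation; the sample events are constructed, and only the host and port come from the report.

```python
"""Network-side check for the AgentTesla SMTP exfiltration config extracted
above.  Added example, not part of the sandbox report: it assumes a
constructed connection-log format (timestamp|process|src_ip|dest_host|dest_port)
and an allowlist of processes expected to originate SMTP traffic.
"""

# Host and port taken verbatim from the report's extracted config.
AGENTTESLA_SMTP_HOST = "mail.greenleaf.co.ke"
AGENTTESLA_SMTP_PORT = 587

# SMTP, SMTPS and submission.  This sample uses 587, but the same stealer is
# routinely configured for 25 or 465, so the generic rule checks all three.
SMTP_PORTS = {25, 465, 587}

# Processes expected to originate SMTP traffic from an endpoint (assumption;
# tune to the environment).
MAIL_CLIENT_ALLOWLIST = {"outlook.exe", "thunderbird.exe"}

# Constructed sample events; the second line reuses the analysed target's name.
SAMPLE_EVENTS = [
    "2022-05-21T10:14:03Z|outlook.exe|10.0.0.5|smtp.office365.com|587",
    "2022-05-21T10:15:41Z|EK-2020-06-49SP - M.E. docx.exe|10.0.0.5|mail.greenleaf.co.ke|587",
    "2022-05-21T10:16:02Z|updater.exe|10.0.0.5|MAIL.GREENLEAF.CO.KE|443",
    "2022-05-21T10:17:30Z|svchost.exe|10.0.0.5|mail.example.net|465",
    "2022-05-21T10:18:12Z|chrome.exe|10.0.0.5|www.example.com|443",
]


def parse_event(line):
    """Split one log line into its fields; dest_port becomes an int."""
    ts, process, src_ip, dest_host, dest_port = line.rstrip("\n").split("|")
    return {
        "ts": ts,
        "process": process,
        "src_ip": src_ip,
        "dest_host": dest_host.lower(),  # hostnames are case-insensitive
        "dest_port": int(dest_port),
    }


def classify(event):
    """Return a rule name for a suspicious connection, or None.

    ioc_match fires on the exfiltration host from the config regardless of
    port (the drop host is the stronger signal); unexpected_smtp_client fires
    on any SMTP-port connection from a process outside the allowlist.
    """
    if event["dest_host"] == AGENTTESLA_SMTP_HOST:
        return "ioc_match"
    if (event["dest_port"] in SMTP_PORTS
            and event["process"].lower() not in MAIL_CLIENT_ALLOWLIST):
        return "unexpected_smtp_client"
    return None


def scan(lines):
    """Run both rules over raw log lines; return (rule, process, host, port)."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        event = parse_event(line)
        rule = classify(event)
        if rule:
            hits.append((rule, event["process"], event["dest_host"], event["dest_port"]))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print("%-24s %-36s %s:%d" % hit)
```

Because port 587 normally negotiates STARTTLS, the mailed-out credentials are not visible to a passive sensor; the process name and destination host are what a detection has to key on. The mailbox in the config is a second artefact worth acting on: it is typically a legitimate account the actor controls or has compromised, so the mail provider and the account owner should be notified rather than the password simply recorded.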

Targets

    • Target

      EK-2020-06-49SP - M.E. docx.exe

    • Size

      680KB

    • MD5

      2a39d9260dcb26bd8f05084f8fc2b2cc

    • SHA1

      7abf88f5ee537c434c85235fa9ddb2a1b24bc2af

    • SHA256

      28c522239124483bcc83ca08cd0cbb3af1a9a3e18a1d8648e958c153c8e9e110

    • SHA512

      dd48ce4de47c47a011eb53f99c6d71f9489e94836427e5fbdaa759557afe9b87e79dbc4cb094b5877011ffd5650f4d526ab54b0c4e5db069b8bb72b025a31ed7

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla (for example recentservers.xml and sitemanager.xml), which hold saved server logins.

    • Reads user/profile data of local email clients

      Email clients store account settings and saved credentials on disk, where infostealers will often target them.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on another process's thread is a common step in process hollowing: the loader starts a legitimate process suspended, replaces its image in memory, and points the main thread at the injected payload before resuming it.
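
The four credential-store behaviours above (FTP client configs, email client profiles, browser data, Outlook profiles) are individually noisy but distinctive in combination. The following is an added example, not part of the sandbox report, of a host-side heuristic that scores a process by how many distinct stores it reads that it does not own. It assumes a constructed file/registry access event format (timestamp|process|target) and a per-store owner allowlist of my own; the store paths are the real FileZilla, Thunderbird, Chromium, Firefox and Outlook locations, and the sample events are constructed.

```python
"""Host-side heuristic for the credential-store access behaviours listed
above.  Added example, not part of the report: it assumes a constructed
event format (timestamp|process|target) and a per-store owner allowlist so
that FileZilla or Chrome reading their own data is not counted.
"""
import re
from collections import defaultdict

# Real locations of the stores the report lists: FileZilla's recentservers.xml
# and sitemanager.xml, Thunderbird's logins.json/key4.db, Chromium's
# "Login Data", Firefox's logins.json and the Outlook Profiles registry key.
CREDENTIAL_STORES = {
    "ftp_client": [r"\\FileZilla\\(recentservers|sitemanager)\.xml$"],
    "email_client": [r"\\Thunderbird\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$"],
    "browser": [r"\\User Data\\[^\\]+\\Login Data$",
                r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\logins\.json$"],
    "outlook_profile": [r"^HKCU\\Software\\Microsoft\\Office\\\d+\.0\\Outlook\\Profiles"],
}
COMPILED = {cat: [re.compile(p, re.IGNORECASE) for p in pats]
            for cat, pats in CREDENTIAL_STORES.items()}

# Processes that legitimately own each store (assumption; extend per environment).
STORE_OWNERS = {
    "ftp_client": {"filezilla.exe"},
    "email_client": {"thunderbird.exe"},
    "browser": {"chrome.exe", "msedge.exe", "firefox.exe"},
    "outlook_profile": {"outlook.exe"},
}

# Constructed events.  The suspicious process name reuses the analysed target's.
SAMPLE_EVENTS = [
    r"10:15:01|filezilla.exe|C:\Users\alice\AppData\Roaming\FileZilla\sitemanager.xml",
    r"10:15:20|EK-2020-06-49SP - M.E. docx.exe|C:\Users\alice\AppData\Roaming\FileZilla\recentservers.xml",
    r"10:15:21|EK-2020-06-49SP - M.E. docx.exe|C:\Users\alice\AppData\Roaming\Thunderbird\Profiles\abc1.default-release\logins.json",
    r"10:15:22|EK-2020-06-49SP - M.E. docx.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"10:15:23|EK-2020-06-49SP - M.E. docx.exe|HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook",
    r"10:16:00|chrome.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"10:16:30|updater.exe|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data",
]


def store_category(target):
    """Return the credential-store category a path/key belongs to, or None."""
    for cat, patterns in COMPILED.items():
        if any(p.search(target) for p in patterns):
            return cat
    return None


def categories_by_process(lines):
    """Map each process to the set of foreign credential stores it touched."""
    touched = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        _ts, process, target = line.split("|", 2)
        cat = store_category(target)
        if cat is None or process.lower() in STORE_OWNERS[cat]:
            continue  # not a credential store, or read by the store's own client
        touched[process].add(cat)
    return dict(touched)


def flag_infostealers(lines, min_categories=2):
    """Processes reading >= min_categories distinct stores they do not own.

    One store can be a backup tool or a migration helper; breadth across
    unrelated stores is what distinguishes an infostealer.
    """
    return sorted(
        (proc, sorted(cats))
        for proc, cats in categories_by_process(lines).items()
        if len(cats) >= min_categories
    )


if __name__ == "__main__":
    for proc, cats in flag_infostealers(SAMPLE_EVENTS):
        print(proc, "->", ", ".join(cats))
```

Run over the sample, only the analysed target's process is flagged: updater.exe touches a single store and stays below the threshold, while the two owners reading their own data are ignored. Pairing this with the SetThreadContext indicator above narrows things further, since a hollowed process will show the reads under a legitimate image name.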

MITRE ATT&CK Enterprise v6

Tasks