Overview

overview

10

Static

static

PURCHASE LIST.exe

windows7_x64

10

PURCHASE LIST.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    30a7e94bebd2855a574f3e92f373d9cf2533fc588a293813625e7ea5e7b02102

  • Size

    378KB

  • Sample

    220521-bwzyhacfa4

  • MD5

    5b850b4b62e40b8a62ee5421db5b4d8b

  • SHA1

    808bc4a2106cdc3bd2ba22f6b5d3c2468c4ebfe6

  • SHA256

    30a7e94bebd2855a574f3e92f373d9cf2533fc588a293813625e7ea5e7b02102

  • SHA512

    afed5e63e0b63d855bb898074e19e3fef2c402dd59e53a1f03fccd4f0a929342488050c82f6eff55749b66fc713a56864022c24630c17dd4f6c8ae0d95f89669

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.parshavayealborz.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    P@rshava123456

Targets

    • Target

      PURCHASE LIST.exe

    • Size

      470KB

    • MD5

      c092144bb729298d50c95d1a16d0aa97

    • SHA1

      1c31147f7e9f37e4e8bc73b0d1e535fba242734d

    • SHA256

      ee40db183a9f86ee97dd3803b54d1711d443d25beb0160fd89cd54ad890b8485

    • SHA512

      88b9666c3cce98d5485c12ec72619bc5e69967e4531c7998f051c2f48d012cd92cd1e9841d99d442195236ad1af60199bc7c4df8668a4b7305b0be34a60f5637

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Drops file in Drivers directory

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks