Overview

overview

10

Static

static

Detalles d...df.exe

windows7_x64

10

Detalles d...df.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0f9fb13c25c9c01def95df8c8015197bee9f5142f1f0791e697c51c6577f9e42

  • Size

    667KB

  • Sample

    220521-byfyeacff6

  • MD5

    a4e1f4545eafd61319c64dc7d119da99

  • SHA1

    f504f604bbb78ccbab5485134bdc1815b5ce81f6

  • SHA256

    0f9fb13c25c9c01def95df8c8015197bee9f5142f1f0791e697c51c6577f9e42

  • SHA512

    1b6ff7548d27b6ffa77545fa669303a29f5c95a9dfb57f47712eb17fca8aa41c95f4a8408592a1fe794e72da5273c1b8557904a4df325d1888db272ece909896

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.trademaxperu.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    icui4cu2@@

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.trademaxperu.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    icui4cu2@@

Targets

    • Target

      Detalles del pago.pdf.exe

    • Size

      908KB

    • MD5

      cff942f8b8b7161e872910d0cc37d21c

    • SHA1

      ff18633786e78743da40dee2c0af1c01c7119117

    • SHA256

      7953cff779759642a2cd5981662769249457f01c0c996c69c0b80d5439860c6a

    • SHA512

      d4cc80ce02e1f50f94b4f35b4b42df7cba7cb1f173581e0d6a650c65c29e183049a9046811445eeaba12ffad9e13a12c828f3e5e5653e7d69c1f1d74ef16988d

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks