Overview

overview

10

Static

static

10

company pr...al.scr

windows7_x64

10

company pr...al.scr

windows10-2004_x64

10

excel doc spec.scr

windows7_x64

10

excel doc spec.scr

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    049cf1a5c3ecd74b4de986216d1a8b9d10a21be4a1cd46db0a018679ae6423bb

  • Size

    743KB

  • Sample

    220521-byz2aacfh7

  • MD5

    44229e676b5cf5b74c9dc24ba39a0e8f

  • SHA1

    c1e3fe1369b4f5d0df3b143e1e35824497c19b75

  • SHA256

    049cf1a5c3ecd74b4de986216d1a8b9d10a21be4a1cd46db0a018679ae6423bb

  • SHA512

    86c00cb77169f5707720e6ae892501dc6bce01ba0d1b4aceba01b255b1745b5ef64fdc1a223e0be2ecfda3a7317e41fe52a6263c8f2366fe0255e1f7a44ca4c1

Score
10/10
agentteslaagilenetcollectionkeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      company profile_original.scr

    • Size

      871KB

    • MD5

      075cf1b8522892856efc41779993b228

    • SHA1

      bed6399d4e012c2e253d442db8db0d3d1f8e5307

    • SHA256

      2a529183f1105351617673ef3e12de1eebc24a13ca11b8d92330094bf0dc2bf5

    • SHA512

      3feda16bfe9b64ae39d4ad49dbf18953372091c23e741e28ceeeab043f31cdfc57d74b5c902328cee61c98cf0db77f92c2f33722cd66a3814a0465a4326cf588

    Score
    10/10
    agentteslaagilenetcollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      excel doc spec.scr

    • Size

      834KB

    • MD5

      4dc022310f86d0f94a74d8c0a7e7c58a

    • SHA1

      e809aa0cfcc7d387bc4451015a751e685b1ddf7e

    • SHA256

      92605cf78b7b975754a9defe3570dc6b30917fdfbc0d62f601145c28930c21f2

    • SHA512

      e5da3f734a56435b815728353b5391358fad11752493a13c0b4aa21419a7f3de244b849986aa70b17be84699523767b822e2d502f3b376586e791663fcdb0a53

    Score
    10/10
    agentteslaagilenetcollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

6
T1081

Discovery

Lateral Movement

Collection

Data from Local System

6
T1005

Email Collection

2
T1114

Exfiltration

Command and Control

Impact

Tasks