General

  • Target

    431028bd36f3453333fbaa363bd53bdedbc6177c02166a94711f8e4f192c7b13

  • Size

    425KB

  • Sample

    220521-d8j4xscadm

  • MD5

    83eb9c848e526c7a3dfdb6c9d8934c58

  • SHA1

    f8dd8a39f3219030998b4f8d0e17a054352873e3

  • SHA256

    431028bd36f3453333fbaa363bd53bdedbc6177c02166a94711f8e4f192c7b13

  • SHA512

    5b0dfc8357feca808900876accf20d39bfadcd218e30000b85c2b9d887f4550e9f51e627ad9a07ab9f8de1aae693c5521ae3cb79ebc6dfbe43a9151c0f70e82a

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.ru
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    hlw1billyruseller

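The extracted configuration above gives the exfiltration endpoint the sample uses (SMTP submission to smtp.yandex.ru on port 587). The following hunting script is an added example, not part of the sandbox report: it turns that configuration into a network detection and runs it over constructed Zeek-style dns.log and conn.log excerpts. The resolved addresses, client IPs and the mail-relay allowlist are all made up for the example (they are not the real records for smtp.yandex.ru), and because the mailbox username is redacted on the page the logic keys on host and port only.

```python
"""Hunt for AgentTesla SMTP exfiltration using the extracted config.

Added example for this report; log excerpts below are constructed.
"""
import csv
import io
from collections import defaultdict

# Exfiltration endpoint taken from the configuration extracted from the sample.
EXFIL_HOST = "smtp.yandex.ru"
EXFIL_PORT = 587

# Hosts allowed to speak SMTP submission outbound (hypothetical local policy).
MAIL_RELAY_ALLOWLIST = {"10.0.0.25"}

# Constructed Zeek-style dns.log excerpt (tab-separated, header included).
# Answer addresses are documentation ranges, not real Yandex records.
DNS_LOG = """\
ts\tuid\tid.orig_h\tquery\tanswers
1653100001.1\tCd1\t10.0.0.51\tsmtp.yandex.ru\t203.0.113.10,203.0.113.11
1653100002.2\tCd2\t10.0.0.51\tupdate.example.com\t198.51.100.7
1653100003.3\tCd3\t10.0.0.77\tsmtp.yandex.ru\t203.0.113.10
"""

# Constructed Zeek-style conn.log excerpt for the same window.
CONN_LOG = """\
ts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice
1653100004.4\tCc1\t10.0.0.51\t49812\t203.0.113.10\t587\ttcp\tsmtp
1653100005.5\tCc2\t10.0.0.51\t49813\t198.51.100.7\t443\ttcp\tssl
1653100006.6\tCc3\t10.0.0.25\t40001\t203.0.113.11\t587\ttcp\tsmtp
1653100007.7\tCc4\t10.0.0.77\t51000\t203.0.113.10\t587\ttcp\t-
1653100008.8\tCc5\t10.0.0.90\t51001\t192.0.2.9\t587\ttcp\tsmtp
"""


def parse_tsv(text):
    """Parse a header-prefixed tab-separated log into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text), delimiter="\t"))


def resolved_addresses(dns_rows, name):
    """Map each client to the set of addresses it was told `name` resolves to."""
    per_client = defaultdict(set)
    for row in dns_rows:
        if row["query"].lower() == name:
            per_client[row["id.orig_h"]].update(
                a for a in row["answers"].split(",") if a and a != "-"
            )
    return per_client


def find_exfil_sessions(dns_text, conn_text):
    """Return alerts for SMTP submission sessions that match the extracted C2.

    Two tiers: a connection to an address the same client just resolved for
    EXFIL_HOST is a strong match even if Zeek did not label the service
    (the session may have gone to STARTTLS quickly); any other outbound
    submission from a non-relay host is a weaker, generic finding.
    """
    seen = resolved_addresses(parse_tsv(dns_text), EXFIL_HOST)
    alerts = []
    for row in parse_tsv(conn_text):
        src, dst, dport = row["id.orig_h"], row["id.resp_h"], int(row["id.resp_p"])
        if dport != EXFIL_PORT or src in MAIL_RELAY_ALLOWLIST:
            continue
        if dst in seen.get(src, ()):
            reason = f"submission to {EXFIL_HOST} after DNS lookup"
        elif row["service"] == "smtp":
            reason = "unexpected outbound SMTP submission from workstation"
        else:
            continue
        alerts.append({"uid": row["uid"], "src": src, "dst": dst, "reason": reason})
    return alerts


if __name__ == "__main__":
    for alert in find_exfil_sessions(DNS_LOG, CONN_LOG):
        print(f'{alert["uid"]} {alert["src"]} -> {alert["dst"]}: {alert["reason"]}')
```

On the constructed data this flags Cc1 and Cc4 as submissions to the configured exfiltration host (Cc4 even though Zeek left the service unlabelled) and Cc5 as generic workstation SMTP, while skipping the allowlisted relay. Yandex SMTP is a legitimate service for real Yandex mailbox users, so in production the allowlist and the DNS correlation window need tuning to the environment rather than treating the host alone as malicious.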
Targets

    • Target

      431028bd36f3453333fbaa363bd53bdedbc6177c02166a94711f8e4f192c7b13

    • Size

      425KB

    • MD5

      83eb9c848e526c7a3dfdb6c9d8934c58

    • SHA1

      f8dd8a39f3219030998b4f8d0e17a054352873e3

    • SHA256

      431028bd36f3453333fbaa363bd53bdedbc6177c02166a94711f8e4f192c7b13

    • SHA512

      5b0dfc8357feca808900876accf20d39bfadcd218e30000b85c2b9d887f4550e9f51e627ad9a07ab9f8de1aae693c5521ae3cb79ebc6dfbe43a9151c0f70e82a

    Score
    1/10
    • Target

      pi-updated.exe

    • Size

      523KB

    • MD5

      d315077101721ea6f53140afc941eb10

    • SHA1

      6fd80227a05baeae629e9feee67b45b1b71ba0f8

    • SHA256

      2a19861b5542b7a76129c027376c7c3902e38ab5d9914722af6b13eff1a28973

    • SHA512

      c0ef129c68a95cd02235bcefe750711d6e6627e2287999b8076bd326af456121e77bf6220a0bf59e8bef4a9464295b4605c88f9af70e9aeb0be694dfda3ececa

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and credential stealer, typically written in Visual Basic .NET, that sends harvested data out over SMTP, FTP or HTTP; the configuration extracted from this sample uses SMTP.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used to redirect the main thread of a suspended process into an injected image (process hollowing), a typical way a loader runs its unpacked payload.

MITRE ATT&CK Enterprise v6

Tasks