General

  • Target: 1af00abb9629bb4bfd45b1f7994883add919e5d120d8844ab422e19cf3dfd770
  • Size: 382KB
  • Sample: 220521-dx5w9agec7
  • MD5: 659fdfbe376f6463228d7e5913e5fef9
  • SHA1: e44550931c9a0c08201f38b23579699e6bc9c7c3
  • SHA256: 1af00abb9629bb4bfd45b1f7994883add919e5d120d8844ab422e19cf3dfd770
  • SHA512: deeb86ad76507ad4075d6c76227d4d31dc7322b6aa4947e8a7f0df0887e6a6e8c702b38296af046294f024f148f5448881ba1047ed5f3d8070b75574db71d504

Malware Config

Extracted

Credentials

  • Protocol: smtp
  • Host: smtp.yandex.ru
  • Port: 587
  • Username: [email protected]
  • Password: solomon12345$$$1

Targets

    • Target: Cables Demand.exe
    • Size: 416KB
    • MD5: a6353cb228c5035a9ef68d475da91fe7
    • SHA1: e3e70404c00beaa1185c50c49f3abf84ce9d887c
    • SHA256: b977389b487ea178bc1ce4448a2a67c5f0a5d327a6c9500308574aa9945901df
    • SHA512: 31ed5cc5a9c1214baf69fdd29220ba0be0eb9ab8866041a6256f8e12eead7f7a16f846e923485417bd5cbf318a7d1bd8431ab6f682bccdb775e0d34bdb12c154

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • CoreEntity .NET Packer

      A .NET packer called CoreEntity that embeds the payload as a Bitmap object, which is decrypted at runtime.

    • AgentTesla Payload

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Matrix (ATT&CK v6)

Credential Access
  Credentials in Files (T1081): 3

Collection
  Data from Local System (T1005): 3
  Email Collection (T1114): 1

Tasks