General

  • Target

    4a2a1daa1760a7423f2b755dea3b32ccb7efc5a4b3ddd866f1de2eafcbf7c9d0

  • Size

    843KB

  • Sample

    220521-ebyfqacbfn

  • MD5

    d2a4fe5fcdba15677f2a71fe64d60931

  • SHA1

    420c85280098e08c719ec0addcde33e9b893f893

  • SHA256

    4a2a1daa1760a7423f2b755dea3b32ccb7efc5a4b3ddd866f1de2eafcbf7c9d0

  • SHA512

    7dc346df46e38208cf0adf2579cd51cdb7ed57bc55bc0127a412708761918809c84c253aa2b135bbf4a69710c59cf68922fddfc11ea3ea624c096162cfb21bfe

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.insooryaexpresscargo.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    GuG5GK(3m7*Z

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.insooryaexpresscargo.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    GuG5GK(3m7*Z

Targets

    • Target

      promise cripted.exe

    • Size

      459KB

    • MD5

      5e5769b61d855338e115f91ec350d27d

    • SHA1

      a0a32e969872a3548a171abe78223d2b44061ff3

    • SHA256

      21d19ba98de8b710605e144809cae73bc3b7606cfc49e995a267cf44e4c2638f

    • SHA512

      b913b5ffedcab3db0bae22127ee6e8aab511327ebe9562ec47392af9b4c5dd9b13230b83ad8c82e5cad2bc27f1e20e27bc804ef87c9dda6f2403ee8ea3faa4fe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

    • Target

      promisecrypted.exe

    • Size

      691KB

    • MD5

      47bb488aeb3ce0e005ac5e1a9d57bfda

    • SHA1

      63d44c1fb00ec4910d9ad95cc15daf6e86ed3cdd

    • SHA256

      85f9449b3bf138291017bff513ccc66cdbbb81478098149bf6ddaf44410c235e

    • SHA512

      f1426c35ec3f265d028e4f70867f4e62b95b39842abbd7ca8cae395fec34de27ce9d58849f7a4a8f6acfa4aeb7fe3abf643eeb9e5a8c1c9139940f2be91b2169

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 6

  • Collection

    Data from Local System (T1005): 6

    Email Collection (T1114): 2

Tasks