General

  • Target

    6b81a4f41030c2b4c80db6589517a041d77e46e6f2a671dcface7a6591527eb2

  • Size

    383KB

  • Sample

    220521-elj13scedk

  • MD5

    00fe0b29d3f119507579ac2e97025709

  • SHA1

    edcfd4db2ad3b52f2df665a6790c10fd2843b285

  • SHA256

    6b81a4f41030c2b4c80db6589517a041d77e46e6f2a671dcface7a6591527eb2

  • SHA512

    9d3bff3127057f747074e0d8d0331325727d2ccf0e489b6c67d90f424cacfc20eea15521c5c9c2d8e1b6abcdc965672a37ee5afa157dc6b032f4f353a13069a5

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    2019conCT@

Targets

    • Target

      Order Datasheet.exe

    • Size

      450KB

    • MD5

      d291cf735dafebc152901e05c6463b9d

    • SHA1

      eb625af674af3d1212577fbc81429d1b7c5b12cb

    • SHA256

      88166d5d3f0678216521dc60b9b2049b18758b512cf6aad12e2b32ed1add1072

    • SHA512

      50dca285f3be559fd8c63346a5f7adb511d73745173c7e6df2cd9bd9d3ee363cc676690666f7c3867848ba1734e8579b1a424d14d9a7e37a1e599d238d4f17a6

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 3

  • Collection

    Data from Local System (T1005): 3

    Email Collection (T1114): 1

Tasks