General

  • Target

    a6c02f2acd8af8b895519d6e064c950d47d33770a539484353d129fa555fda43

  • Size

    354KB

  • Sample

    220521-ex14qschgq

  • MD5

    755ea4bd5dfc0aa056c8f69648ff8f32

  • SHA1

    2c72c3bc534e9e0625a2aef1be5df580a7568e39

  • SHA256

    a6c02f2acd8af8b895519d6e064c950d47d33770a539484353d129fa555fda43

  • SHA512

    4c6898cefcddd53e9599e5ea549c6b96550ab1e5a31c69a0125314e1a0ecd8bd96a7b54a0eb2ba1f439b80e044760d99845547e40bf16bcc9870200ae7758298

Malware Config

Extracted

  • Family

    agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    privateemail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    @damienzy.xyz2240

Targets

    • Target

      Technical Details.exe

    • Size

      427KB

    • MD5

      f45b90ee156fcebbc41ee694e8714141

    • SHA1

      a01e32250e4ae6096716b88ef1a81a936f5be413

    • SHA256

      9bf584f64af278fb0a7afd8aa15c460e19e3263388bc896284712c7a07426eeb

    • SHA512

      ab002fcc34b68f6670fa02257392e16327ee7ab6afa3da6988c24ebcf0607abae613f223cb58dff8ab9cc6c90bba112d0361496428492cbbcf9cd200fa009e64

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (1) T1053

  • Persistence

    Scheduled Task (1) T1053

  • Privilege Escalation

    Scheduled Task (1) T1053

  • Discovery

    Query Registry (1) T1012
    System Information Discovery (2) T1082

  • Collection

    Email Collection (1) T1114

Tasks