Overview

overview

10

Static

static

SHIPPING D...oc.exe

windows7_x64

10

SHIPPING D...oc.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ac9aa9f280c16034b32a0aa081c6ff1cf0d2efb966dd0ece2c9b5417638352b2

  • Size

    536KB

  • Sample

    220521-myhb1scff4

  • MD5

    43f9c077d254e19cbd9dda088cdfdcde

  • SHA1

    18bd52c8cf3fb429cb58699ea94e1144d6fa8d90

  • SHA256

    ac9aa9f280c16034b32a0aa081c6ff1cf0d2efb966dd0ece2c9b5417638352b2

  • SHA512

    26c6cdf3f275dded77bdb07aaafa4ba075d44885acf0af54e6496368d3c3d838815d7f6ac76a997d660734ae6f6813d8752f417995a202099fa03a598584e623

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.acroative.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    onegod5050()

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.acroative.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    onegod5050()

Targets

    • Target

      SHIPPING DOCUMENTS_doc.exe

    • Size

      887KB

    • MD5

      72604d8c812c3358e9213024d3c4954d

    • SHA1

      930947eaf04e9ac6e5ccf798f07bfe60b194ae50

    • SHA256

      b81ce07ddc4e67ba7d1f5d1b6893e50eb2c2e0f4a7c5ce3dce1971eec3e6c999

    • SHA512

      fa441e1f64997319a0ce0aec12cc084c0219ba8131e184bf866d9497da918fde1f375be11f478ca5ab1e047653c30a769308d282bf1c6d481478f84db8db1494

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks