General

  • Target

    8e58d31291e3928f6460f5445134b6058bc2341f072562f94d579707c72347fd

  • Size

    584KB

  • Sample

    220521-n16casedg6

  • MD5

    946eca0506d6a069fa3f07701bd6f874

  • SHA1

    2f29edae552478c0b02c3232aa382af405e5b32a

  • SHA256

    8e58d31291e3928f6460f5445134b6058bc2341f072562f94d579707c72347fd

  • SHA512

    25b6cb455f4b4b10d9be40c331ee51373981349e7f3690c90432cb756095c1d089ef7cc814aef9bc78b7483c6f54ce74f210be740402619c95fe92d32eea4ae2

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: mail.gascuenca.es
  • Port: 587
  • Username: [email protected]
  • Password: gasW203@Z7

Targets

    • Target

      New PO.exe

    • Size

      1.1MB

    • MD5

      e99872e364713d510326fa82f740264d

    • SHA1

      2a972af33190859791109c4863d5dac0428b7c96

    • SHA256

      be97c3f71385314e1d4da565788beba4633afd5d41c1a58eb3600b420becc747

    • SHA512

      2df3982d0c867bb3e1598fe97d091488ded78f54ea372a3e0458c72652ae4b53fc07395924e741d5a5e59283c0159801777deb1f9577a88e1659e693b302ecc8

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files (T1081) × 3
  • Collection: Data from Local System (T1005) × 3
  • Collection: Email Collection (T1114) × 1
