General

  • Target

    bd7e71e407a242539dad024ecc99d63a5ef59d17ab9df2e97255f8f6c69a86bf

  • Size

    461KB

  • Sample

    220521-n1gc6shegl

  • MD5

    a507ea5ae3d01e11364f827116e1c8d5

  • SHA1

    863133be01d4e7cf946939f5602f2398c40084e6

  • SHA256

    bd7e71e407a242539dad024ecc99d63a5ef59d17ab9df2e97255f8f6c69a86bf

  • SHA512

    3159430bcf387cd7e0c88679afe3c44f60d905fdbd65fcff5cc00b53c36316124989e29d12d7f2007dc5c7398252fa147124d2fe73f03fe87f238593fdb01468

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.legalcounselbd.com
  • Port:
    587
  • Username:
    info@legalcounselbd.com
  • Password:
    Someone1234

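
The extracted config above is the stealer's exfiltration channel: it authenticates to mail.legalcounselbd.com on port 587 with the hard-coded mailbox and mails the collected credentials to itself. The following is an added example, not part of the sandbox report: a small Python detector that runs over an SMTP session transcript (the SAMPLE_SESSION below is constructed, not a real capture) and recovers the AUTH LOGIN or AUTH PLAIN username, then matches it and the destination against the config. Function names, the "C: "/"S: " transcript convention and the sample session are assumptions of this example.

```python
import base64
import binascii
from typing import Dict, Optional

# SMTP exfiltration settings extracted from this sample (Malware Config above).
EXFIL_HOST = "mail.legalcounselbd.com"
EXFIL_PORT = 587
EXFIL_USER = "info@legalcounselbd.com"

# Constructed SMTP transcript, not a real capture: what a sandbox or a
# TLS-terminating proxy would see when the stealer delivers its first report.
# The two base64 client tokens are the extracted username and password.
SAMPLE_SESSION = """\
C: EHLO DESKTOP-SAMPLE
S: 250-mail.legalcounselbd.com Hello
S: 250 AUTH LOGIN PLAIN
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: aW5mb0BsZWdhbGNvdW5zZWxiZC5jb20=
S: 334 UGFzc3dvcmQ6
C: U29tZW9uZTEyMzQ=
S: 235 2.7.0 Authentication successful
C: MAIL FROM:<info@legalcounselbd.com>
S: 250 2.1.0 Ok
C: RCPT TO:<info@legalcounselbd.com>
S: 250 2.1.5 Ok
"""


def _b64(token: str) -> Optional[str]:
    """Decode one base64 SASL token; None if it is not valid base64."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None


def extract_smtp_auth_user(transcript: str) -> Optional[str]:
    """Return the username a client authenticated with in an SMTP transcript.

    Lines are prefixed "C: " (client) or "S: " (server). Handles AUTH LOGIN
    with the username either inline (RFC 4954 initial response) or sent as the
    reply to the server's 334 prompt, and AUTH PLAIN (authzid\\0authcid\\0pw).
    Only the username is recovered; the password token is deliberately ignored.
    """
    expect_login_user = False
    for raw in transcript.splitlines():
        if raw.startswith("S: "):
            # A 4xx/5xx reply to AUTH LOGIN means no username follows.
            if expect_login_user and raw[3:4] in ("4", "5"):
                expect_login_user = False
            continue
        if not raw.startswith("C: "):
            continue
        line = raw[3:].strip()
        if expect_login_user:
            return _b64(line)
        parts = line.split(None, 2)
        if len(parts) >= 2 and parts[0].upper() == "AUTH":
            mech = parts[1].upper()
            if mech == "LOGIN":
                if len(parts) == 3:
                    return _b64(parts[2])
                expect_login_user = True
            elif mech == "PLAIN" and len(parts) == 3:
                decoded = _b64(parts[2])
                if decoded is not None and decoded.count("\0") == 2:
                    return decoded.split("\0")[1]
    return None


def match_exfil_config(transcript: str, dst_host: str, dst_port: int) -> Dict[str, object]:
    """Score one outbound SMTP session against the extracted AgentTesla config."""
    user = extract_smtp_auth_user(transcript)
    host_hit = dst_host.lower().rstrip(".") == EXFIL_HOST and dst_port == EXFIL_PORT
    user_hit = user is not None and user.lower() == EXFIL_USER
    return {
        "auth_user": user,
        "host_match": host_hit,
        "user_match": user_hit,
        "verdict": host_hit or user_hit,
    }


if __name__ == "__main__":
    print(match_exfil_config(SAMPLE_SESSION, "mail.legalcounselbd.com", 587))
```

The username match is the strongest signal because it is unique to this build's config; the host/port match is coarser but is the only one available from flow logs when the sample negotiates STARTTLS on port 587, which hides the AUTH exchange from anything short of the sandbox or a TLS-terminating proxy. The mailbox in the config is usually a legitimate account the operator has taken over, so blocking outbound SMTP to the host and notifying the domain owner are both reasonable follow-ups.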

Targets

    • Target

      scan_956765768748898-sn-58787.exe

    • Size

      901KB

    • MD5

      ee41e40c46f008bf352e1c1f4bd7b160

    • SHA1

      e2d985ef6d0558f022618cdf617bd991f0db4d11

    • SHA256

      6830bfac98064f3af0a998d45d34bb9db0cb5499f22f9efd7afe7f59b294f25f

    • SHA512

      41127dc8059a19da2db4ba9c4e1bf6e5249897978978e2ed7d6c634188fcf4f17a642ce1d34d6ff9cf41fd683607c867d2f773646eb77a5399fd853a28354654

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; it harvests credentials from browsers, email and FTP clients and sends them out over SMTP, FTP or HTTP.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread in another process is how process-hollowing (RunPE) loaders redirect a suspended process's entry point into an injected payload, which is the usual way an AgentTesla dropper starts the payload listed above.
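
The "Reads data files stored by FTP clients" signature is worth understanding concretely, because it is what makes stored FileZilla sessions a loss the moment the stealer runs. The following is an added example, not code from the report or from the malware: a Python parser for FileZilla's sitemanager.xml / recentservers.xml that recovers the same entries an infostealer would, so a responder can audit which saved sites need their passwords rotated. The sample XML is constructed and mirrors the real file layout; the function names are this example's own. FileZilla has written passwords base64-encoded since 3.26 and wrote them in plaintext before that, so both forms are handled.

```python
import base64
import os
from typing import Dict, List, Optional
import xml.etree.ElementTree as ET

# Well-known FileZilla profile files that infostealers read on Windows.
FILEZILLA_FILES = (
    r"%APPDATA%\FileZilla\sitemanager.xml",
    r"%APPDATA%\FileZilla\recentservers.xml",
)

# Constructed sitemanager.xml (not taken from the sample); same layout as the real file.
SAMPLE_SITEMANAGER = """<?xml version="1.0" encoding="UTF-8"?>
<FileZilla3 version="3.46.3" platform="windows">
  <Servers>
    <Server>
      <Host>ftp.example.test</Host>
      <Port>21</Port>
      <Protocol>0</Protocol>
      <User>alice</User>
      <Pass encoding="base64">aHVudGVyMg==</Pass>
      <Logontype>1</Logontype>
      <Name>Example site</Name>
    </Server>
    <Server>
      <Host>sftp.example.test</Host>
      <Port>22</Port>
      <Protocol>1</Protocol>
      <User>bob</User>
      <Logontype>3</Logontype>
      <Name>Interactive only, nothing stored</Name>
    </Server>
    <Server>
      <Host>old.example.test</Host>
      <Port>21</Port>
      <Protocol>0</Protocol>
      <User>carol</User>
      <Pass>plaintext-legacy</Pass>
      <Logontype>1</Logontype>
      <Name>Legacy pre-3.26 format</Name>
    </Server>
  </Servers>
</FileZilla3>
"""


def _decode_pass(elem: Optional[ET.Element]) -> Optional[str]:
    """Return the stored password: base64 when <Pass encoding="base64">, else plaintext."""
    if elem is None or elem.text is None:
        return None
    if elem.get("encoding") == "base64":
        try:
            return base64.b64decode(elem.text, validate=True).decode("utf-8", "replace")
        except ValueError:  # binascii.Error is a ValueError subclass
            return None
    return elem.text


def parse_filezilla_servers(xml_text: str) -> List[Dict[str, object]]:
    """Extract every <Server> entry from sitemanager.xml or recentservers.xml."""
    root = ET.fromstring(xml_text)
    entries = []
    for server in root.iter("Server"):
        entries.append({
            "name": server.findtext("Name") or "",
            "host": server.findtext("Host") or "",
            "port": int(server.findtext("Port") or 0),
            "user": server.findtext("User") or "",
            "password": _decode_pass(server.find("Pass")),
        })
    return entries


def sites_with_stored_passwords(xml_text: str) -> List[str]:
    """Hosts whose credentials a stealer recovers outright; these need rotation."""
    return [e["host"] for e in parse_filezilla_servers(xml_text) if e["password"]]


def local_filezilla_configs() -> List[str]:
    """FileZilla config files present on this (Windows) machine."""
    return [p for p in (os.path.expandvars(f) for f in FILEZILLA_FILES) if os.path.isfile(p)]


if __name__ == "__main__":
    for path in local_filezilla_configs():
        with open(path, encoding="utf-8") as fh:
            print(path, "->", sites_with_stored_passwords(fh.read()))
```

The point the parser makes is that base64 is encoding, not protection: any entry with a Pass element is fully recoverable by the stealer, whereas entries saved with an interactive or "ask" logon type hold no secret. The same audit applies to the browser and email-client stores named in the other signatures.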

MITRE ATT&CK Matrix (ATT&CK v6)

Credential Access

  • Credentials in Files (T1081): 3 matching signatures

Collection

  • Data from Local System (T1005): 3 matching signatures
  • Email Collection (T1114): 1 matching signature

The mapping uses ATT&CK v6 technique IDs; in current ATT&CK versions T1081 is deprecated and its content lives under T1552.001 (Unsecured Credentials: Credentials In Files).
