General

  • Target

    ade4829af20fc019495244ff1e877e4cae630938dc706713b403c7a4f7714c35

  • Size

    822KB

  • Sample

    220521-n1n31sedf3

  • MD5

    cddd642a825a7e909da747e8c443c4f7

  • SHA1

    1c45f6b9d0abae95d5c84de363b356846e72f175

  • SHA256

    ade4829af20fc019495244ff1e877e4cae630938dc706713b403c7a4f7714c35

  • SHA512

    a6057114b3c341133f62ff4e537a6e7c964317376c788edcc4afc57a78619813d350f3cfd062c1c468c4e5da676fdac0880afbe424ec94604b630b635419d729

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.newalmawared.com
  • Port:
    587
  • Username:
    ahmad@newalmawared.com
  • Password:
    @Hd7049

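To turn the extracted exfiltration configuration into something a SOC can hunt with, here is an added Python example (not part of the sandbox report). It derives the indicators an analyst would actually see on the wire: the mail host, the account name, and the base64 forms of the credentials that SMTP AUTH LOGIN and AUTH PLAIN transmit before any TLS upgrade. The log lines are constructed for illustration, and the `hunt` and `suspect_sources` helpers are this example's own names.

```python
"""Hunt indicators from an extracted AgentTesla SMTP exfiltration config.

Added example, not part of the sandbox report.  The log lines at the bottom
are constructed for illustration.
"""
import base64
import re

# Values as extracted by the sandbox (see the Malware Config section above).
CONFIG = {
    "protocol": "smtp",
    "host": "mail.newalmawared.com",
    "port": 587,
    "username": "ahmad@newalmawared.com",
    "password": "@Hd7049",
}


def _b64(s: str) -> str:
    return base64.b64encode(s.encode()).decode()


def auth_login_tokens(username: str, password: str) -> dict:
    """Base64 forms of the credentials as they appear on the wire.

    SMTP AUTH LOGIN sends the username and password as two separate base64
    lines; AUTH PLAIN sends one base64 line of "\\0user\\0pass".  These only
    appear in cleartext before a STARTTLS upgrade.
    """
    return {
        "login_user": _b64(username),
        "login_pass": _b64(password),
        "plain": _b64(f"\0{username}\0{password}"),
    }


def iocs_from_config(cfg: dict) -> dict:
    """Flatten the config into the strings worth searching logs for."""
    return {
        "host": cfg["host"].lower(),
        "port": str(cfg["port"]),
        "username": cfg["username"].lower(),
        **auth_login_tokens(cfg["username"], cfg["password"]),
    }


def hunt(lines, iocs) -> list:
    """Return (line_number, indicator) pairs for every matching log line.

    The host is matched as a whole DNS name (not as a substring of another
    label); the bare port is deliberately not matched on its own, since
    587 alone is far too noisy to be an indicator.
    """
    host_re = re.compile(
        r"(?<![a-z0-9.-])" + re.escape(iocs["host"]) + r"(?![a-z0-9-])"
    )
    hits = []
    for n, line in enumerate(lines, 1):
        low = line.lower()
        if host_re.search(low):
            hits.append((n, "host"))
        if iocs["username"] in low:
            hits.append((n, "username"))
        for key in ("login_user", "login_pass", "plain"):
            if iocs[key] in line:  # base64 is case-sensitive, match verbatim
                hits.append((n, key))
    return hits


def suspect_sources(lines, hits) -> list:
    """Internal hosts (src=...) that produced at least one hit."""
    srcs = set()
    for n, _ in hits:
        m = re.search(r"src=(\S+)", lines[n - 1])
        if m:
            srcs.add(m.group(1))
    return sorted(srcs)


# Constructed log lines in a generic "key=value" style; 10.0.0.23 is the
# infected host, 10.0.0.40 is benign mail traffic to another provider.
SAMPLE_LOG = [
    "2022-05-21T13:02:11Z dns  src=10.0.0.23 query=mail.newalmawared.com type=A",
    "2022-05-21T13:02:11Z conn src=10.0.0.23 dst=mail.newalmawared.com dport=587 proto=tcp",
    "2022-05-21T13:02:12Z smtp src=10.0.0.23 cmd=AUTH LOGIN",
    "2022-05-21T13:02:12Z smtp src=10.0.0.23 data=YWhtYWRAbmV3YWxtYXdhcmVkLmNvbQ==",
    "2022-05-21T13:05:40Z dns  src=10.0.0.40 query=mail.example.com type=A",
    "2022-05-21T13:06:02Z conn src=10.0.0.40 dst=smtp.example.com dport=587 proto=tcp",
]

if __name__ == "__main__":
    iocs = iocs_from_config(CONFIG)
    found = hunt(SAMPLE_LOG, iocs)
    for n, what in found:
        print(f"line {n}: {what}: {SAMPLE_LOG[n - 1]}")
    print("suspect sources:", suspect_sources(SAMPLE_LOG, found))
```

Port 587 is the submission port and the session normally upgrades with STARTTLS; after that only the DNS and connection indicators remain visible, so the base64 match is useful at a proxy or mail gateway that terminates TLS, or on traffic captured before the upgrade. The password is on this page because the malware author embedded it in the sample: treat the mailbox as attacker-controlled infrastructure, not as a credential to log in with.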

Targets

    • Target

      SHIPPING DOCUMENTS.PDF(248KB)..exe

    • Size

      769KB

    • MD5

      d656e489710c8e9930af8ce7ab847a57

    • SHA1

      eaa8fe32de65aba335cd98dd36b9cc766e2cd35b

    • SHA256

      537b1403f9e905dba7a2ae4a521b8655d09fff0208e19ac58ff6b2abaec2ea28

    • SHA512

      b5753c623080ce3d4f5d1bf3c581f62c2801cd27e09bd0d81611760c7c7653c8e0d37388aa82d5e4b8cc736d46b5dc03b5fac6b077acc6209421d9653b2813fe

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic. It harvests saved credentials from browsers, email clients and FTP clients and sends them to an attacker-controlled mailbox; this sample exfiltrates over SMTP using the account in the extracted configuration above.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on another process's thread is the usual final step of process hollowing: a legitimate program is started suspended, its memory is overwritten with the payload, and its main thread is pointed at the new code. Host telemetry will then attribute the stealer's file and registry reads to the hollowed program's image name.
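The four "Reads ..." behaviours above share one detection idea: a credential store is opened by a process other than the program that owns it. The following added Python example (not from the report or from any sandbox vendor) encodes that rule for the FileZilla, browser, email-client and Outlook-profile stores the report names, using the default Windows locations of those files and keys; the events are constructed, and `classify` and `credential_harvesters` are this example's own names. Because the sample's SetThreadContext use points at process hollowing, the rule keys on "not the owning process" rather than on the accessing image looking malicious.

```python
"""Flag credential-store reads by processes that do not own the store.

Added example, not part of the sandbox report.  The events below are
constructed in a Sysmon-like shape (process image + target path/key).
"""
import fnmatch

# Credential stores the report says AgentTesla reads, each paired with the
# process that legitimately owns it.  Paths are the Windows defaults under
# %APPDATA% (...\AppData\Roaming) and %LOCALAPPDATA% (...\AppData\Local);
# Outlook profile data lives in the registry rather than in a file.
STORES = [
    ("filezilla",   r"*\AppData\Roaming\FileZilla\sitemanager.xml",                    {"filezilla.exe"}),
    ("filezilla",   r"*\AppData\Roaming\FileZilla\recentservers.xml",                  {"filezilla.exe"}),
    ("chrome",      r"*\AppData\Local\Google\Chrome\User Data\*\Login Data",           {"chrome.exe"}),
    ("firefox",     r"*\AppData\Roaming\Mozilla\Firefox\Profiles\*\logins.json",       {"firefox.exe"}),
    ("firefox",     r"*\AppData\Roaming\Mozilla\Firefox\Profiles\*\key4.db",           {"firefox.exe"}),
    ("thunderbird", r"*\AppData\Roaming\Thunderbird\Profiles\*\logins.json",           {"thunderbird.exe"}),
    ("outlook",     r"HKCU\Software\Microsoft\Office\*\Outlook\Profiles\*",            {"outlook.exe"}),
]


def classify(event: dict) -> tuple:
    """Return (store, verdict) for one access event.

    verdict is "owner" when the accessing image is the store's own program,
    "foreign" when it is anything else, and (None, None) when the target is
    not a known credential store.  Matching is case-insensitive because
    Windows paths are.
    """
    image_name = event["image"].rsplit("\\", 1)[-1].lower()
    target = event["target"].lower()
    for store, pattern, owners in STORES:
        if fnmatch.fnmatchcase(target, pattern.lower()):
            return store, ("owner" if image_name in owners else "foreign")
    return None, None


def credential_harvesters(events) -> dict:
    """Group foreign reads by pid and keep processes that touched stores of
    two or more different products: one process reading FTP, browser and
    mail secrets is the infostealer pattern described in the report."""
    by_pid = {}
    for ev in events:
        store, verdict = classify(ev)
        if verdict == "foreign":
            entry = by_pid.setdefault(ev["pid"], {"image": ev["image"], "stores": set()})
            entry["stores"].add(store)
    return {pid: info for pid, info in by_pid.items() if len(info["stores"]) >= 2}


# Constructed events: pid 4120 is FileZilla reading its own config (benign),
# pid 5332 is the dropper from this report reading three different stores,
# pid 6001 is ordinary explorer.exe activity.
LURE = r"C:\Users\victim\Downloads\SHIPPING DOCUMENTS.PDF(248KB)..exe"
EVENTS = [
    {"pid": 4120, "image": r"C:\Program Files\FileZilla FTP Client\filezilla.exe",
     "target": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 5332, "image": LURE,
     "target": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"pid": 5332, "image": LURE,
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 5332, "image": LURE,
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"pid": 6001, "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\victim\Documents\report.docx"},
]

if __name__ == "__main__":
    for pid, info in credential_harvesters(EVENTS).items():
        print(f"pid {pid} {info['image']} read stores: {sorted(info['stores'])}")
```

The "two or more products" threshold is a tuning choice: a backup agent or a migration tool may legitimately read one store, but few benign programs walk FTP, browser and Outlook secrets in one run. Lower it to one if the accessing image is also unsigned or was written to disk minutes earlier.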

MITRE ATT&CK Matrix (ATT&CK v6; the number after each technique is how many sandbox signatures mapped to it)

  • Credential Access

    Credentials in Files (T1081), 3 signatures. In later ATT&CK versions T1081 is deprecated in favour of T1552.001, Unsecured Credentials: Credentials In Files.

  • Collection

    Data from Local System (T1005), 3 signatures

    Email Collection (T1114), 1 signature
