General

  • Target

    3d6adf930f293d025223315f0ac99e64e01d2eed618a71636807184cd65a8132

  • Size

    394KB

  • Sample

    220521-n3fjnahffj

  • MD5

    44437a3abb0ac421d1773465ad7af2cc

  • SHA1

    d8766a276157041c98b638e97ca05729ca2f09c0

  • SHA256

    3d6adf930f293d025223315f0ac99e64e01d2eed618a71636807184cd65a8132

  • SHA512

    fd76e6dff0f81f528c31c50c51880d532baf27f3244962151685621602ee93050b6e026a550d26247c2e070422351e9ae367d0af66710159fa6d9f4475cbf00a

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    sOeKk#E6

Targets

    • Target

      URGENT REQUEST FOR QUOTATION QUOTE00782020.pdf.exe

    • Size

      708KB

    • MD5

      26a528a86cad4a65522eba4db40f5014

    • SHA1

      37c01731625dd9f5000cd33b449e8c6ebcba470b

    • SHA256

      de77f2b2fe58ab75b2a6876cc9883d59330766559847223284d764b74d88df12

    • SHA512

      644f192b771c9435698cb60a803eb08281cf7ff82db82f2a2bc5defd58f81cc9ef06446a37795babdb3d07aeb83ced36081bb2624c37c756f03b3cc490487a7a

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 3

  • Collection

    Data from Local System (T1005): 3

    Email Collection (T1114): 1

Tasks