General

  • Target: 8634e5af5bc6c5c8ccb908c130ced51ea0eb81e81e77740eafb5f7f8876026f3
  • Size: 325KB
  • Sample: 220521-n44b4shgdq
  • MD5: 55572d9e5ec7f55307802abab904e9ed
  • SHA1: 0a0011099bdde7e6aa1f239ba3b44bc798a1b38c
  • SHA256: 8634e5af5bc6c5c8ccb908c130ced51ea0eb81e81e77740eafb5f7f8876026f3
  • SHA512: 8e3f205f17b93f2086e88161523694e1c08faf1f3a9c97bbad5cd519195b03711d11c38a1e7178c0c4b6d9dfc6a43ac9b0941a3799c2122de6d7b911c6b0d76f

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: mail.westairconnect.website
  • Port: 587
  • Username: [email protected]
  • Password: L]O4YyMF8{oL

Targets

    • Target: Scan0002736.exe
    • Size: 493KB
    • MD5: 07642b41a1bdf645c2e746265a029751
    • SHA1: 3faa2e660d328cc0c1efd04712ce43fb46dea2ad
    • SHA256: af4614a203bf30b1a7d9cd1f3eb86ea531dd2f15849a69fd8df3f0502f58e4e1
    • SHA512: c8f95df3afc426a628e4dad2ee09d9d2c0b26d85a5c1136a774bb44ca6749dfdcb680945a4e8add1c29bf91105fdbaf01ebbcbe1fb463c798d19fed8e2a52929

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6