General

  • Target

    d2df51d823b8a4ae5fa8b362cbe3bc2e2233801393bf05a6febdefe805bb58a2

  • Size

    575KB

  • Sample

    220521-n5l48ahgfp

  • MD5

    9cadf5babd2e8241b04a0909370b3923

  • SHA1

    576d0a0d08af82bd9fe7ae8634a64bf4ab418db0

  • SHA256

    d2df51d823b8a4ae5fa8b362cbe3bc2e2233801393bf05a6febdefe805bb58a2

  • SHA512

    a76ca83d754f9ab58f852a4904437f882053906708d8716c424d032f8fc57e5351e3e982ce95cc0b7adb07eaa86759c7a721d1f204d62158e2ec8a0603942200

Malware Config

Extracted

  • Family:
    agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.shivanilocks.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    rqa4@slpl

Targets

    • Target

      MV- NAHIDE-M.exe

    • Size

      796KB

    • MD5

      849952b5a2e2e9d5e3511faee9500d61

    • SHA1

      5f31d56b0f1ec4e60471ddbf9395a8371c03e00e

    • SHA256

      6c2107e074b01aec557d9b1ffeca08ab7ab34beb8c6dce3a65f6e2348fc5501e

    • SHA512

      5674a814fd1cf78ce1245a01879c0fc1a0ab336115c3b645c5311bb47ff9335cfaacc3c256726bc2c0d2e8cbe1a8a94d5d50e2c95aceafda732fd0fc21b93a9b

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access
    Credentials in Files (T1081): 3

  • Collection
    Data from Local System (T1005): 3
    Email Collection (T1114): 1

Tasks