General

  • Target

    d529d651b788dbe02b3b3b950fe52786e4976e6f63c5e7ba7029e29f8cbd9066

  • Size

    509KB

  • Sample

    220521-n869kaaaej

  • MD5

    fb8eade80c7ef8e9477c86e39a98f421

  • SHA1

    e748dd5b7ce2b090c91217c432be8693e8ff931c

  • SHA256

    d529d651b788dbe02b3b3b950fe52786e4976e6f63c5e7ba7029e29f8cbd9066

  • SHA512

    4421ccb2341e117248b86e334b01c1fc2132df855ef33768a6760e5131c507d01ed07e71e1277598b69703cad057ec46742cb7e0144a07a53645957c2a51f319

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    john5on.muller@yandex.com
  • Password:
    41k2c4yfVG

Targets

    • Target

      PO#0010710619_&_.exe

    • Size

      547KB

    • MD5

      abf87baf38d5003e0e69b83289444917

    • SHA1

      5ef6045701689fd8852e3eae580261fcd81e1d5d

    • SHA256

      ae402313cc96abc092b41ad2fe8f3b8dd5fdc9c75141dcec97619e8e90a43867

    • SHA512

      1ccdff2c0da62054c4b4be602b377f3d8822d6901b763f2ff17a8979253557221efe365e2afb89a9ff2f107f16ceff68a25050a62f45f4a55de0a7a2bdc82d26

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task: T1053 (1)

  • Persistence

    Scheduled Task: T1053 (1)

  • Privilege Escalation

    Scheduled Task: T1053 (1)

  • Discovery

    Query Registry: T1012 (1)

    System Information Discovery: T1082 (2)

  • Collection

    Email Collection: T1114 (1)

Tasks