General

  • Target

    2f192a32d2b45bb6104607e955ad7034859a4f18a29ecd1107b119cc9c20094d

  • Size

    271KB

  • Sample

    220521-n97xgsabaj

  • MD5

    9ade9808ef050cd080896ece9d6ec5cc

  • SHA1

    78f4bb948fc2613174702a84c4fb737146bb81de

  • SHA256

    2f192a32d2b45bb6104607e955ad7034859a4f18a29ecd1107b119cc9c20094d

  • SHA512

    a1f47de08292b70df5feb537de22aeff4dbd5bfb25b4a68a9eac0074190c94f6f856b09075940fd11659f95784b91e10d8902b25775204f84a908709cae8722b

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: mail.marketinfosales.com
  • Port: 587
  • Username: info@marketinfosales.com
  • Password: QAZqaz123@

Targets

    • Target

      c.c auth,-confirmation #1307654780,pdf.exe

    • Size

      389KB

    • MD5

      e80514ca1a42e6f28fbd78b561883c2c

    • SHA1

      823c8f1ff7d961eb2a910af44d130997c76c01ce

    • SHA256

      ac59fc8043fdbad6e5c65e7c9e34aaceffe49290761f5ff6befa5825a781bc27

    • SHA512

      7cc4c8a5ef724b8226a06662b7323cf9210637ccff800649bdea56df16e16fd8995926a9f624287c15b02b4678e173d3873ec87694d739a07c105f60da2a2a6b

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Drops startup file

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry: T1012 (1)
  • System Information Discovery: T1082 (2)

Tasks