General

  • Target

    373a700807ab8348c6adf26531fbd451d4416baede34538477a2461bf9da94e1

  • Size

    462KB

  • Sample

    220521-n9r62aaagm

  • MD5

    9d31b8396c931bd73fd7b7eafafd3516

  • SHA1

    1e6269d63bb703bca4b53efa566bf74cbe3d914a

  • SHA256

    373a700807ab8348c6adf26531fbd451d4416baede34538477a2461bf9da94e1

  • SHA512

    175b283618e4290f60c87d33aa8d72773db473da091342ddc312eda6ab525ebbdbad5dba350b5d98a0ec1392d8222549eeda43a3588bf918675f9aa84204d0d2

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.shakurjay.com
  • Port:
    587
  • Username:
    jayboy@shakurjay.com
  • Password:
    z9{6l#Bp?sUj

Targets

    • Target

      Revised PI-02-06-2020.exe

    • Size

      513KB

    • MD5

      52858e0c40dc79c797c15592d6f53855

    • SHA1

      cfcdcca75f40a999632cb4620d6ea16192a0e143

    • SHA256

      592f7910caf9e163da420457db1b8c33d938c56d03c8e2955c990e8d3395ac39

    • SHA512

      84c730872c25ca71ed316fa5b1423bdb751d84f64a49ef954d4f4af7121d6f37f202ccf3b8f5ca5f722fb2b03913ea13977ae8d146ce17baa7deae8a267b2ca2

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081), 3 matches

  • Collection

    Data from Local System (T1005), 3 matches

    Email Collection (T1114), 1 match

Tasks