Overview

overview

10

Static

static

Quotation ...le.exe

windows7_x64

10

Quotation ...le.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    774ff9d217784b71e2223d3e93fc6bb12ea9e58bd9370c6d5c613a2e8b056806

  • Size

    511KB

  • Sample

    220521-nc1f5sgfal

  • MD5

    18028774ff3edbd58cd1576bd6c82be0

  • SHA1

    fe252949ef8890698af81ff72e333dab9f795c11

  • SHA256

    774ff9d217784b71e2223d3e93fc6bb12ea9e58bd9370c6d5c613a2e8b056806

  • SHA512

    423dcabf86416907eab1a44930f7ebdf4d6f8933857a602741c36152d932c16ad2ead1331458907c96c26b457594bf2bb846a2e7edaa7ebfed236c2322b810e3

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    razilogs@razilogs.com
  • Password:
    anyanwu3116

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    razilogs@razilogs.com
  • Password:
    anyanwu3116

Targets

    • Target

      Quotation & Sample.exe

    • Size

      552KB

    • MD5

      2a6d5dd34b4a2b1edcb23d6c3bfc2e2a

    • SHA1

      c4bf7dff26839535a7f63d591eb1c72a5b037218

    • SHA256

      3234f22d73087d0a3b9e73a6a1fdd5db4493e2f5f1b1f832bc56119752368744

    • SHA512

      a7ac560c079022a449b4f73c4c46f2019e9779cf95341f1a8c0a6c2265b115895a166bc41021edb33b0fe99c2048a6fb2611335167e67757000d8a8f550555fb

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks