General

  • Target

    c81aa4ddf9b2a7d6057733906ad1efdbe5b329d4ecdedcb4f7efe9ffb529a5fe

  • Size

    433KB

  • Sample

    220521-nd39esgfel

  • MD5

    84f83e5f5f853b95093a05946dc57ee6

  • SHA1

    eba4826bcd35d555ca6f9cf9839a96b3df0efbd1

  • SHA256

    c81aa4ddf9b2a7d6057733906ad1efdbe5b329d4ecdedcb4f7efe9ffb529a5fe

  • SHA512

    5a09e37b7bd5d8aa5d1df532970a5e7cb3b0d0fc8f107eda854cfc599b930cc2891df8ec1e9fd57524a3a2eef102493b4d49e272f7223fbe206537ee584ac8e3

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: smtp.mosaiclayouts.com
  • Port: 587
  • Username: [email protected]
  • Password: 1xH}wgu7}f%E

Targets

    • Target

      SOA.exe

    • Size

      544KB

    • MD5

      0303bb754b89511d9330d2f242866e9b

    • SHA1

      d6c35405714802ad2f44adca90331654fb5f08c1

    • SHA256

      7e5a3cc0dac44399ef51e94acda887d0e1730cca94ea90109b04298cd93b407b

    • SHA512

      cdcb9c2419f0136b4d3358fa90ff5bf240325c53d6948343beb190a778be5321a1da7a999caf9a091bd4b34c707d5ac33b609c7a35d9a8c5cddf166277a23bdc

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique               ID      Count
  ------------------  ----------------------  ------  -----
  Credential Access   Credentials in Files    T1081   3
  Collection          Data from Local System  T1005   3
  Collection          Email Collection        T1114   1

Tasks