Overview

overview

10

Static

static

BCHILE-867...EL.exe

windows7_x64

10

BCHILE-867...EL.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    76e4ccf083ffcb4ffb42f9cb962aa86325076bf92c21b967a915e825b4d55a56

  • Size

    490KB

  • Sample

    220521-ne2rzsggar

  • MD5

    6c317f742f79fa026d8ab065dff8d63c

  • SHA1

    8cb44ddc7e8bd47b73fb00c6b24566978530fc1e

  • SHA256

    76e4ccf083ffcb4ffb42f9cb962aa86325076bf92c21b967a915e825b4d55a56

  • SHA512

    e3a5b687be60858b73774874968154ad136ded2a84827a6f589c46878d208b9f20c0baf09a3ba5b64b2a90aa0575f2b103476402422473ebaf8328067ef239bd

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    amblessed22

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    amblessed22

Targets

    • Target

      BCHILE-86712-K41-FPA-000018__REL 0017 BECHTEL.exe

    • Size

      700KB

    • MD5

      70412bb185c9232855032d5ea681f5d2

    • SHA1

      55f0e244005e965fbd0c9355ea4f4f51c824b8d3

    • SHA256

      e51adcf99928f26014b6993369a60a9d4371759f23ddbd4d0df10105ce6de848

    • SHA512

      ab20f06c0aaa1c57fea7b69e28f39a01739feb37e97639ceed29a7a573284081ad582bb5946239e592758c6fc8098e3b52a31e2bb3f4a1387196ca17513d6d81

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks