General

  • Target

    ad9115b3aff4522e9dd139d70066cc950bcd0de0e2bd0d01c78e08bd0199c096

  • Size

    449KB

  • Sample

    220521-neemfsgffm

  • MD5

    45a8cfc3ce926e8547f6d0f92ba4e66a

  • SHA1

    47f5da286b6d902b3f6ee65f059aa153770b90f6

  • SHA256

    ad9115b3aff4522e9dd139d70066cc950bcd0de0e2bd0d01c78e08bd0199c096

  • SHA512

    ac3c18fc9c53b3c4654544317844134d3f9d189be5bac712b269397cd0826ad6343c81eba4c5c263b0fcfef0700b7129ff69163bea3fb2f2c0405fc92bfe4432

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.privateemail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    @damienzy.xyz2240

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.privateemail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    @damienzy.xyz2240

Targets

    • Target

      PE_C015_RFA-GA-(S)-233-R0-2020 QUOTE.exe

    • Size

      550KB

    • MD5

      17aab7f9d312d050471134b9a0caa4ec

    • SHA1

      e58212d94c2fb210789900baf9dc73d1b1893b0b

    • SHA256

      a4cd48b821c140a3a02f3da126f78d7e465d25e441743c129b925af0065efb52

    • SHA512

      9d32255bb4f317c2e4a1d05ad263ba9ad16b27de7077cf11ef3cc9091e74473fcf19a207856a5f9ee07f8395cd0b794acc8eb39667f5b3581eabd3220837962f

    • AgentTesla

Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Checks computer location settings

Looks up the country code configured in the registry, likely used as a geofence.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task, T1053 (1)

  • Persistence

    Scheduled Task, T1053 (1)

  • Privilege Escalation

    Scheduled Task, T1053 (1)

  • Discovery

    Query Registry, T1012 (1)

    System Information Discovery, T1082 (2)

  • Collection

    Email Collection, T1114 (1)

Tasks