Overview

overview

10

Static

static

Invoice po.exe

windows7_x64

10

Invoice po.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    95b65ada224cd186bdfbd7542feb9ff3383a5794e4885c8284fd94946cb8f701

  • Size

    450KB

  • Sample

    220521-nerl1sgfhn

  • MD5

    3332da516455861314572804ca83ebb0

  • SHA1

    c2f4b4653b3fd4a6ae96c3cbaa4dc8fbfbbf5d1f

  • SHA256

    95b65ada224cd186bdfbd7542feb9ff3383a5794e4885c8284fd94946cb8f701

  • SHA512

    a1f5017bf3873298e9e2d88647ae5461b884fd8d32210837485960216264d2f5520482aedaebc174d6e448929fa976fc1406071c2dd27501af356b751126f532

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.albaniandailynews.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    125875.jUkT

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.albaniandailynews.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    125875.jUkT

Targets

    • Target

      Invoice po.exe

    • Size

      502KB

    • MD5

      336d033b63278f41d919d5e9944a9d9d

    • SHA1

      cfa013de2ef8b542054068ab2aeaa584945634f5

    • SHA256

      0f2a2c10ccdece91433063d992b2a24a316db4e1f8d2dc8f6c532fe48e0e1946

    • SHA512

      bde06b6efde5a982d43f52b95532ba0f89d87cfe1c0c06f3e2757fdc792a7e5452906a8b5cb4f04322d33af43de0ad991465e97c789f4702f1e8fb34286394a3

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks