Overview

overview

10

Static

static

Overdue so...df.exe

windows7_x64

10

Overdue so...df.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    35f13608341f1ac8abc7f356f741937585471c29d16d41b6237696e0bf789817

  • Size

    442KB

  • Sample

    220521-npep7shbap

  • MD5

    450e4f7c8e164121d9b565dc4959efa9

  • SHA1

    9d9f40babc908fa0429bc640cf85defb19701ba3

  • SHA256

    35f13608341f1ac8abc7f356f741937585471c29d16d41b6237696e0bf789817

  • SHA512

    36e5cab374a0812c0978429f8b46eeb5dbdd772e1e27e380a39ab58636c16dc5895ef671e782ec140c9d386f37364f63bf5ba3bcc5372e1af47f4a44b2b45e97

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.ionos.com
  • Port:
    587
  • Username:
    sales@proexpertint.com
  • Password:
    temp20182019

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.ionos.com
  • Port:
    587
  • Username:
    sales@proexpertint.com
  • Password:
    temp20182019

Targets

    • Target

      Overdue soa 06 2020.pdf.exe

    • Size

      677KB

    • MD5

      7f32a6b1138fec66336ca5c7bbf6cc93

    • SHA1

      da12385adafac70c7caa3bec7f998b433027f374

    • SHA256

      afaf0481a3bf179c2371debc03ca52aebc43863ce150bbaba694183a88fbf33e

    • SHA512

      f75666d7181279a87fda6cae8ad3eab4bd8c951701083b3dac6c69153aa23a5503eb5011bb9f745e16f5742ff69d263fe07cad68a3b27299dce91d28562274cb

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks