General

  • Target

    e99680c49f2ea363603de4ec4391332e4585d4297832a6b27713ac4d7c48251a

  • Size

    738KB

  • Sample

    220521-nqg7qaeac3

  • MD5

    35aa17a7d58223747d68acd4c65f0fbd

  • SHA1

    78fbdcc5eda68d59a6c833fb685823a4674b53eb

  • SHA256

    e99680c49f2ea363603de4ec4391332e4585d4297832a6b27713ac4d7c48251a

  • SHA512

    1755fa6858d08450fd5c084947a328c4d74ebb47e1c11293f19d046f157bbedf6356b525b855586b806f75c98eb7e11448e66c188d19fc1a7fb0fdd211404138

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    Smtp.yandex.ru
  • Port:
    587
  • Username:
    newliferay@yandex.com
  • Password:
    shawama1000

Targets

    • Target

      img-602105445-0001.exe

    • Size

      1.0MB

    • MD5

      d934ca5e00cc636794638d7aa4b7539e

    • SHA1

      0a16fa29a67e33cce6a6eea89e57f303edf8f44d

    • SHA256

      f1044b4d40e2d3df5e586d5c8c58e49fa4795eed6b6afb44b506efe4319f4d0c

    • SHA512

      966f5b25daf21cc9363c6114b00f54d18e92e6a2724048d3e671bf4e1787338fa0e4a2690f79503c8e0a32cf06fc7e3b19c60ac5afd857304555de8bbc717366

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                 ID      Count
  Credential Access   Credentials in Files      T1081   3
  Collection          Data from Local System    T1005   3
  Collection          Email Collection          T1114   1

Tasks