General

  • Target

    d18e2f4903806f4e84849179a1ff724877ea9953ef600ec51cfbd1fe6ed63f2a

  • Size

    719KB

  • Sample

    220521-nqr2xshbdl

  • MD5

    83488509a76c3e43533ab26e0277e724

  • SHA1

    4f7274bb8ae6ccfb046c378fa6aabab98dd40d14

  • SHA256

    d18e2f4903806f4e84849179a1ff724877ea9953ef600ec51cfbd1fe6ed63f2a

  • SHA512

    6942833967b838e55b3fa932bfe93fd71ef7edad0b0fa5b31dfc5fb385e9312a6fd36f70332843754c4b4bbfdb6345f1e7517b04ab813299e29ed04440816f1f

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.bosut.mk
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    0XsKEemhd6EE

Targets

    • Target

      Quotation_2817.PDF....exe

    • Size

      833KB

    • MD5

      92f3335d62d0fd3237481ee357c5c4b0

    • SHA1

      2b1dcc3d5076af52f78befbf332d56349d1a6b0f

    • SHA256

      c9a1de280156ec597ed843bb47c13fcc149914f9e7740604a1d834a9d033beb7

    • SHA512

      5d7ea8d48f3c99205ce781ddf3d59175ac10f47421c34885f6384b521622820a7a130223f661e860197b2f7f73008a2c670835776f2f09c888465cba58d5e33e

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks