Overview

overview

10

Static

static

Payment Copy.exe

windows7_x64

10

Payment Copy.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7a023f05b4a9cfef609e99018bb6b083570a5e59c630357aa0a05d18cc6d4d25

  • Size

    298KB

  • Sample

    220521-nx575ahdem

  • MD5

    12feef1c037e691e348358ed10c082e2

  • SHA1

    099f166f144f3c94dc5c7c40e981d560c68b5efe

  • SHA256

    7a023f05b4a9cfef609e99018bb6b083570a5e59c630357aa0a05d18cc6d4d25

  • SHA512

    c985e183441a2a9b7d556d564003653de5516cecb6efb49814fc2b1b08914499bb9822a46e79cea006ca59ab48e0772c675b90bc714d8e4a3cd0f450cb34df49

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.chenklins.com
  • Port:
    587
  • Username:
    bobbrown@chenklins.com
  • Password:
    VBRSv_r)C~mM

Targets

    • Target

      Payment Copy.exe

    • Size

      414KB

    • MD5

      05eaf101a0b976d96093eac5002e020b

    • SHA1

      34a9e953a5f45a3c187af4f370feb395b6c2a45f

    • SHA256

      ec6afc29beafb4093f0aca9fa00e1c3097dac94baee4801eebc5043de4556781

    • SHA512

      67e39fe452b0c72772274f3fa54483262c24a123b21467b3a62cbfa2a4732443e91b32019b83f6665cf24095fcb3df9bee94bdd74558deba77d96da7252eb124

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks