Overview

overview

10

Static

static

Inv3542.exe

windows7_x64

10

Inv3542.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c01d75ddb4949e60dd1353373e1bb00b2821a6d95d3547614ec6cec2a074c293

  • Size

    495KB

  • Sample

    220521-nxltgshdbr

  • MD5

    06a44b9bb879a93b6fc9be9d664bde62

  • SHA1

    2f84e43b0024b0ec22b46b45f9a4c02ee30b6133

  • SHA256

    c01d75ddb4949e60dd1353373e1bb00b2821a6d95d3547614ec6cec2a074c293

  • SHA512

    b6d6b1233433817275cc0ef8d7cf1fe6347e6ff8cf5ea551e265b005e62cf7cf7950467ad0895f562fd9a0d672c62bfac732f8910c9fd3aac9f5c317b7d59563

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.lafenwaosiberu.com
  • Port:
    587
  • Username:
    anumba.c@lafenwaosiberu.com
  • Password:
    perpetua

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.lafenwaosiberu.com
  • Port:
    587
  • Username:
    anumba.c@lafenwaosiberu.com
  • Password:
    perpetua

Targets

    • Target

      Inv3542.exe

    • Size

      799KB

    • MD5

      877137d28e4b224e0f835eb25dbad93e

    • SHA1

      c515c0f2405f5e082cb06b551166e951fdcf7fa3

    • SHA256

      ee7d22a474155d5a7b3e6fd89bee93170b4da713db4b65ad6252ef6a73636598

    • SHA512

      d90e54a323914f1351a9dba7a039470877e290cea530044e483f13c3f4117b9f5f9f15f1341c6730fa23e77c01ac52365cd59923984bc352f477f146286f7109

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks