General

  • Target

    d6e0b3dc2f7196964e85cd6ae5b93b47c5d8e02f66030ca9070180bf0967a86e

  • Size

    435KB

  • Sample

    220521-nz6axaedd2

  • MD5

    ad02e0d00a9be0129d10aef722162196

  • SHA1

    4a2fd3cbbe1ffa21be4be730865ac3488e591f9a

  • SHA256

    d6e0b3dc2f7196964e85cd6ae5b93b47c5d8e02f66030ca9070180bf0967a86e

  • SHA512

    fc0f27da62a2c7ca2fc9ac29fd364280e6d56945ecb0691e19873b1eacb511e4866f0778d606a68f315e7f2248e5d764eb46f15a1a2c5d3271c5fcd73e113774

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.ru
  • Port:
    587
  • Username:
    f.grac3@yandex.ru
  • Password:
    AMBITION123@@@
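The extracted configuration tells an analyst exactly where the sample will try to send what it steals: an authenticated SMTP session to smtp.yandex.ru on 587. The Python below is an added example, not part of the report or of the sandbox's own tooling. It correlates that config with two kinds of sandbox telemetry: DNS answers plus connection records (to catch the exfil host whether it is contacted by name or by the resolved IP), and an SMTP dialogue, from which it decodes the base64 AUTH LOGIN fields and checks them against the extracted credentials. All log lines are constructed for the example; the 203.0.113.x addresses are documentation addresses standing in for whatever the host resolved to. Note the caveat on the SMTP part: on port 587 a client normally negotiates STARTTLS before AUTH, so the login is only visible in the clear if the sandbox hooks the mail client or the sample skips TLS.

```python
"""Correlate an extracted Agent Tesla SMTP config with sandbox network telemetry."""
import base64

# Exfiltration config as extracted from the sample (values from the report above).
CONFIG = {
    "protocol": "smtp",
    "host": "smtp.yandex.ru",
    "port": 587,
    "username": "f.grac3@yandex.ru",
    "password": "AMBITION123@@@",
}

# Constructed telemetry, not from the report.
# DNS_LOG records: "ts client qname answer"; CONN_LOG records: "ts src dst dport proto".
DNS_LOG = [
    "1653137105.10 10.0.2.15 smtp.yandex.ru 203.0.113.25",
]
CONN_LOG = [
    "1653137105.31 10.0.2.15 203.0.113.25 587 tcp",   # the exfil session
    "1653137106.02 10.0.2.15 203.0.113.80 443 tcp",   # unrelated HTTPS traffic
]
# Constructed SMTP dialogue as a sandbox that hooks the mail client (or captures a
# session that never negotiated STARTTLS) would record it. AUTH LOGIN sends the
# username and password base64-encoded in reply to the server's "334" prompts.
SMTP_LOG = [
    "C: EHLO WIN-ANALYST",
    "C: AUTH LOGIN",
    "S: 334 VXNlcm5hbWU6",
    "C: Zi5ncmFjM0B5YW5kZXgucnU=",
    "S: 334 UGFzc3dvcmQ6",
    "C: QU1CSVRJT04xMjNAQEA=",
    "S: 235 2.7.0 Authentication successful",
]


def find_c2_contacts(dns_log, conn_log, config):
    """Return connection records that reach the exfil host on the configured port.

    DNS answers tie the configured hostname to the address(es) the sample actually
    connected to, so a connection made directly to the IP is caught as well.
    """
    resolved = {config["host"].lower()}
    for line in dns_log:
        _ts, _client, qname, answer = line.split()
        if qname.lower() == config["host"].lower():
            resolved.add(answer)
    hits = []
    for line in conn_log:
        ts, src, dst, dport, _proto = line.split()
        if dst.lower() in resolved and int(dport) == config["port"]:
            hits.append({"ts": ts, "src": src, "dst": dst, "port": int(dport)})
    return hits


def decode_auth_login(smtp_log):
    """Recover (username, password) from a plaintext AUTH LOGIN exchange, or None.

    Each "334 <prompt>" line from the server is answered by one base64 field from
    the client; the first two such answers are the username and the password.
    """
    fields = []
    expecting_field = False
    for line in smtp_log:
        side, _, payload = line.partition(": ")
        if side == "S" and payload.startswith("334"):
            expecting_field = True
            continue
        if side == "C" and expecting_field:
            fields.append(base64.b64decode(payload, validate=True).decode())
            expecting_field = False
        if len(fields) == 2:
            break
    return tuple(fields) if len(fields) == 2 else None


def credentials_match(smtp_log, config):
    """True when the observed AUTH LOGIN uses the credentials extracted from the sample."""
    creds = decode_auth_login(smtp_log)
    return creds is not None and creds == (config["username"], config["password"])


if __name__ == "__main__":
    for hit in find_c2_contacts(DNS_LOG, CONN_LOG, CONFIG):
        print("exfil connection:", hit)
    print("observed login:", decode_auth_login(SMTP_LOG))
    print("matches extracted config:", credentials_match(SMTP_LOG, CONFIG))
```

A match between the decoded login and the extracted config is strong confirmation that the sample ran far enough to exfiltrate, which matters for scoping an incident; the credentials themselves belong to the attacker's drop account and should be reported to the provider, not reused.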

Targets

    • Target

      PO.exe

    • Size

      821KB

    • MD5

      6ad7e4bc5d99826179adc6ae6092bfd2

    • SHA1

      81828997adf72f09b853005e5088690a89b66e2c

    • SHA256

      26f426fd4ff119e8830681f0692ff3b627f6c5a0d8905c2ca07b6b4298e07f95

    • SHA512

      a7a307b8f48e53fdd762942fe8cd75c5d90d21a249998ffa1ff49d6230e98415f60df84e30338d9dc8e68e7f142ebaf69113627e6231effd23242e3d1ebb6f6b

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, typically written in Visual Basic .NET or C#, that harvests saved credentials from the victim machine and exfiltrates them over SMTP, FTP or HTTP; this sample uses the SMTP configuration extracted above.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to read the configuration files of FTP clients such as FileZilla, which keep saved server addresses and logins in XML files (sitemanager.xml and recentservers.xml) under the user's profile.

    • Reads user/profile data of local email clients

      Email clients keep account settings and stored logins on disk in the user's profile, and infostealers routinely read these files to harvest mail credentials.

    • Reads user/profile data of web browsers

      Infostealers routinely read browser profile data such as the saved-password and cookie stores, which can yield credentials and session tokens for web services.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 3 matching signatures

  • Collection

    Data from Local System (T1005): 3 matching signatures

    Email Collection (T1114): 1 matching signature
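The behaviour signatures listed under Targets and the ATT&CK matrix above are both derived from the sandbox's file, registry and API telemetry. The Python below is an added example, not the report's or the sandbox's own signature engine: it matches constructed access events against the artefact locations behind each signature and tallies techniques per fired signature. The path patterns are the products' well-known storage locations (FileZilla XML files, Thunderbird and Firefox profiles, Chromium "Login Data", the Outlook profile registry keys); the signature-to-technique mapping is an assumption chosen to agree with the counts in the matrix above, which attaches no technique to the Outlook-profile and SetThreadContext signatures (SetThreadContext on a suspended child process is the usual process-hollowing step, normally mapped to Process Injection, but that mapping is not on this page). The events themselves are constructed, including one benign read that must not fire.

```python
"""Flag infostealer collection behaviour in sandbox access telemetry and map it to ATT&CK."""
import re
from collections import Counter

# Signature name -> event kind, artefact regex, ATT&CK v6 technique IDs credited.
# Technique mapping is an assumption consistent with the report's matrix counts.
SIGNATURES = {
    "Reads data files stored by FTP clients": {
        "event": "file_read",
        "pattern": r"\\FileZilla\\(recentservers|sitemanager)\.xml$",
        "attack": {"T1081", "T1005"},
    },
    "Reads user/profile data of local email clients": {
        "event": "file_read",
        "pattern": r"\\Thunderbird\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$",
        "attack": {"T1081", "T1005", "T1114"},
    },
    "Reads user/profile data of web browsers": {
        "event": "file_read",
        "pattern": (r"\\(Chrome|Chromium|Edge)\\User Data\\[^\\]+\\Login Data$"
                    r"|\\Mozilla\\Firefox\\Profiles\\[^\\]+\\logins\.json$"),
        "attack": {"T1081", "T1005"},
    },
    "Accesses Microsoft Outlook profiles": {
        "event": "reg_open",
        "pattern": (r"\\Office\\\d+\.\d+\\Outlook\\Profiles"
                    r"|Windows Messaging Subsystem\\Profiles"),
        "attack": set(),   # not credited to a technique in the matrix above
    },
    "Suspicious use of SetThreadContext": {
        "event": "api_call",
        "pattern": r"^(SetThreadContext|NtSetContextThread)$",
        "attack": set(),   # not credited to a technique in the matrix above
    },
}

# Constructed sandbox events (kind, artefact); the last one is benign noise.
EVENTS = [
    ("file_read", r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"),
    ("file_read", r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abcd1234.default\logins.json"),
    ("file_read", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("reg_open", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles"),
    ("api_call", "SetThreadContext"),
    ("file_read", r"C:\Users\victim\Documents\report.docx"),
]


def evaluate(events):
    """Return {signature name: [matching artefacts]} for every signature that fires."""
    hits = {}
    for name, sig in SIGNATURES.items():
        matched = [artefact for kind, artefact in events
                   if kind == sig["event"] and re.search(sig["pattern"], artefact, re.IGNORECASE)]
        if matched:
            hits[name] = matched
    return hits


def technique_counts(hits):
    """Count how many fired signatures credit each ATT&CK technique (the matrix numbers)."""
    counts = Counter()
    for name in hits:
        counts.update(SIGNATURES[name]["attack"])
    return dict(counts)


if __name__ == "__main__":
    fired = evaluate(EVENTS)
    for name, artefacts in fired.items():
        print(f"{name}: {artefacts}")
    print("ATT&CK counts:", technique_counts(fired))
```

Running it on the constructed events fires all five signatures and reproduces the 3 / 3 / 1 tally of the matrix; the benign document read matches nothing. In practice the same patterns, fed from EDR file-access telemetry rather than a sandbox, are a usable hunting rule for any stealer, since the artefact locations belong to the targeted products and not to Agent Tesla.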

Tasks