General

  • Target

    d55ae0595505278bd448159dba33bde89baaec39a774d76c28cd7caf7eaf00bf

  • Size

    360KB

  • Sample

    220521-nzb23aeda5

  • MD5

    554388c3f9ac33060594dcf522119f75

  • SHA1

    e53900e6f99070293ae8987bb9597d69ccfa389b

  • SHA256

    d55ae0595505278bd448159dba33bde89baaec39a774d76c28cd7caf7eaf00bf

  • SHA512

    b1679a70e28e6725cc882e390be64da8845cb54b6a2cd80c6c47115281bd45c51b5f902015708d67210564531474feb153703e8dfa4ae5bd6fff7e0a846bd05e

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.ibc.by
  • Port:
    587
  • Username:
    greenpark@ibc.by
  • Password:
    QWErty654321

Targets

    • Target

      INWARD#2671SWIFT.html.exe

    • Size

      379KB

    • MD5

      135f83f86309a790fe91bc93c405caa4

    • SHA1

      25956724f209adc49b5d61d352bc308c1bdca163

    • SHA256

      ec7a0509c47b0fb580fe7f0ea4656c25bdcefeded8c0283fc550d97dcf6859ed

    • SHA512

      48e41ffabf3c7b5394a5e16d5bb4dc4cb084483beef07489cf5484caa48f50741e33f6a9b3dbdbbceb584ea03c6c6366575246ef6404569fdb21ca65c324fc56

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  Tactic              Technique                 ID      Count
  Credential Access   Credentials in Files      T1081   3
  Collection          Data from Local System    T1005   3
  Collection          Email Collection          T1114   1