General

  • Target

    43f06e8665afbd1a8ad5b69a0e37973705b6e21863e082642bb57ebd0eb404f2

  • Size

    511KB

  • Sample

    220521-pb5vxaabhm

  • MD5

    aa433a051f22cf87bb3c2475da5d287f

  • SHA1

    c02e62512bcf6ad02ca076f8a466cb4c9feb9556

  • SHA256

    43f06e8665afbd1a8ad5b69a0e37973705b6e21863e082642bb57ebd0eb404f2

  • SHA512

    7a324faf359d606d0ba088bd807cab8adb36b6cb10cab24314cc0f63d24e85938bd035c28ed6b3533a3f18f0ac314bb19aaf3a155b8f0f43ed716490a488b3a2

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: smtp.chaikistomato.us
  • Port: 587
  • Username: humberto2@chaikistomato.us
  • Password: MNAKJus@1k2

Targets

    • Target

      Payment Ref MT 103 #45980238001.exe

    • Size

      551KB

    • MD5

      4a529abd1165507b2d18064fa1f1769e

    • SHA1

      921df754e0ecd947b14a8b00af445ca566e6cd46

    • SHA256

      9169d246ccab4d7206fd3a6d294c628d1e9b8ed33329cc025170f546a7c5671e

    • SHA512

      9747c561bed5b2377a7596c7fe159d077143b40ecd8439d5af81d132cadfefd0b9cf7011941e271d6ccc7549e0379252ffcd91cb90d60aea8588934c2df2fe0b

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 3

  • Collection

    Data from Local System (T1005): 3

    Email Collection (T1114): 1
