General

  • Target: 18c7d663d8a4a8eb4d2b1fc13a049ab9f6619616c76b21fc209e098086d8d353
  • Size: 420KB
  • Sample: 220521-pbjbxaabfj
  • MD5: 2b247ebcf89f401f56ce03b36398c8c9
  • SHA1: 353712fac73471a97890769e364da1eb215e0102
  • SHA256: 18c7d663d8a4a8eb4d2b1fc13a049ab9f6619616c76b21fc209e098086d8d353
  • SHA512: b34daf4d9f58506859c17c65ead01f1158541ebedfae2849011d04c2fcc7511f4d90e66ae3f6089e33c488984ee62154b77347047180edae7311981d312a8ba1

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: smtp.yandex.com
  • Port: 587
  • Username: petersonhouston@yandex.com
  • Password: faith12AB

Targets

    • Target: Ref-no A3_RB54PKXYCNT.exe
    • Size: 474KB
    • MD5: 066a679cbe4f8bb3d71cb651448b82a7
    • SHA1: 8cf0375ffb4880734e8437f72b01aee504d8599c
    • SHA256: 99a8b22ec655fd50aa2bdb93b05e8533ec539feeffacf592cf038a6ede299314
    • SHA512: 0930c59151b085f0bf9c23ba25081598033e25c6354fe6b43cdbb6f17b95f2511222fd25769355785c8539dafa961a94485e5ed3fa89aeaa6cd74213943db3ab

    • AgentTesla
      Agent Tesla is a remote access tool (RAT) written in Visual Basic.
    • AgentTesla Payload
    • Reads data files stored by FTP clients
      Tries to access configuration files associated with programs like FileZilla.
    • Reads user/profile data of local email clients
      Email clients store some user data on disk, where infostealers often target it.
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials.
    • Accesses Microsoft Outlook profiles
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                 ID      Signatures
  Credential Access   Credentials in Files      T1081   3
  Collection          Data from Local System    T1005   3
  Collection          Email Collection          T1114   1
