Overview

overview

10

Static

static

DS T-8.501...K).exe

windows7_x64

10

DS T-8.501...K).exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2be9293e253be8c5057429e9a86a319db3502b7af6e96ec2b4d7f33b44303e62

  • Size

    505KB

  • Sample

    220521-pcjn3aacaq

  • MD5

    767c86473ab0e59d34560dafd45b29e9

  • SHA1

    acd39fc13b3e4ebf861161001ce33ff2e6b8d5ef

  • SHA256

    2be9293e253be8c5057429e9a86a319db3502b7af6e96ec2b4d7f33b44303e62

  • SHA512

    c165173deb75e3e86be4dc1f5a6feeefee40b6bcf8d7bb4716073ccd3e3bbc133ac54b7a457289bb09b2082c52d4c3e5f4809e0c686b3f83356e734878d19baf

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    mor440ney@yandex.com
  • Password:
    castor123@

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    mor440ney@yandex.com
  • Password:
    castor123@

Targets

    • Target

      DS T-8.501_rev 1.com (532K).exe

    • Size

      543KB

    • MD5

      b626da77489140e34c9b7fc990c91fdd

    • SHA1

      af505cd8aec29a09573e8bd2f47d4ef4e8186e52

    • SHA256

      c3a87e5a0c5e488d8a2be10a05c22628d6a68282cda7e001902bd2d51fc059d0

    • SHA512

      dae4c9ef5d829fddaa8b2d3b38f4393e5d04ff59926a6937b361ff0005fc2cd140a5b6d2f7c6157ce08a6366d2e244a81d9e662a7e8181f771786f784f4af0a5

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks