General

  • Target

    084619152a1fa679b084ece55a1a1cb199f9502e7d33046bc4d214bd2018858c

  • Size

    580KB

  • Sample

    220521-pdgk4aacdr

  • MD5

    5f650c52d2a221e4bdd5c067cb2aa698

  • SHA1

    040a0e1aec1406755e665d25ea71efcdd0c40e76

  • SHA256

    084619152a1fa679b084ece55a1a1cb199f9502e7d33046bc4d214bd2018858c

  • SHA512

    3fbd0bbe19d215a04042972aa072fb993c6571b50be5afdf0c39e533e9cca21a2e32e310a8a142005f412e81df8d789267fc3018e30194833e2c804f9a35c219

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.erneralduae.com
  • Port:
    587
  • Username:
    jerryforward@erneralduae.com
  • Password:
    nEV!EZo2

Targets

    • Target

      COTIZACIÓN_PDF_________________________________________.exe

    • Size

      739KB

    • MD5

      145e8aea36c9f86f59925db2ae4a83aa

    • SHA1

      55870f35ad72a0efeae1033e9dbe1f15e410b156

    • SHA256

      383aa57d77f1740e89407ecb7598d62776d05dd61b9d0c7a13e6b5db9294daea

    • SHA512

      e89d54f8e31893cade5ede23a63c0ab545b95d1f3880827bf6b4a21bab720ac5fb237d57d81aa9cd83ba80bf52c7f579e14eb0b359f9969109f59b210a70e8a8

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 3

  • Collection

    Data from Local System (T1005): 3

    Email Collection (T1114): 1
