Overview

overview

10

Static

static

10

COMPANY PROFILE.exe

windows7_x64

10

COMPANY PROFILE.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7750f2133f4bd392a5757fa453e4a264b59049b9ef626881c7e730e1180995d6

  • Size

    275KB

  • Sample

    220521-pj24zsafdp

  • MD5

    acb2dfb43d781a72ffe6db80d7d18418

  • SHA1

    c4686ce2dbfdff72136f284106e9dca3e115936e

  • SHA256

    7750f2133f4bd392a5757fa453e4a264b59049b9ef626881c7e730e1180995d6

  • SHA512

    7d674eb1d109a82515660c35ea7e9d92b59d7fcc77578cd30dd4ed1e4f862e2d855e4591d41196d38e04b6e3b2b9bf42afc6c0d915931be3c468e548e01d3072

Score
10/10
agentteslaagilenetcollectionkeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      COMPANY PROFILE.exe

    • Size

      657KB

    • MD5

      4c1f8cf98fb6fbf46968741c4a3c11a0

    • SHA1

      f012177fbafd6d8afd4d28a5420691ad6c657137

    • SHA256

      9c77b82a3c0940c736dc6b61591394ed69ae046b90992b427910d3ce28f77772

    • SHA512

      68dd73e204b60707c06717e1b0602edb71c152cb3ad31e909d7f6bcb0c685e11fe4df91e92f72eed4dac476ab258509931a0f6c363b343b53b4c95f45bc084ed

    Score
    10/10
    agentteslaagilenetcollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks