Overview

overview

10

Static

static

10

RETENCIONES.exe

windows7_x64

10

RETENCIONES.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c85c5fd6257987d4386a8592e254eee58bcc3d8b7a0f8d7d2e4f7f8b5ef23f98

  • Size

    275KB

  • Sample

    220521-pswzbsfhh3

  • MD5

    8fc2871a91b48d1ae904d9eadb666427

  • SHA1

    40011dad7f77e746b1401907b5b0e52ae3a3eaec

  • SHA256

    c85c5fd6257987d4386a8592e254eee58bcc3d8b7a0f8d7d2e4f7f8b5ef23f98

  • SHA512

    80a555f90488a8202eaeb8a1db7ae366e00b590b1db3e51c361b5340cf0e1477b694e396cd2cb535af8f965269b840f02318d62439fca02dad2a2670643fa15a

Score
10/10
agentteslaagilenetcollectionkeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      RETENCIONES.exe

    • Size

      656KB

    • MD5

      651472198c3c8e5c47f12d08ab1b1da0

    • SHA1

      5dc122fd24f692ab1a2e9e63938b5991a414b3e2

    • SHA256

      834c9f7bd7ce054f4a5bef137584e93bfe8a018884cb5e9370ba0dae014de3db

    • SHA512

      1e4f46b4f0cc287a767f6da99f0fbaf6277dce43a79d31f6445188fcec6c9e3d87164107b5bb856f94a3896a752dfce109d81a45a3706030c141b98abddfc401

    Score
    10/10
    agentteslaagilenetcollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks