a9527ddc909c56d61dd053f93fa802ae614e6ad761830fd267a2d57845534efb

Target

Size

341KB

Sample

220521-ptwd7abcap

Score

10 ^/10

MD5

897cf3a5b3902124eb53cee4c9624914

SHA1

2d273fc4a52aff12b81308f847f9b9d6c1c89b4c

SHA256

a9527ddc909c56d61dd053f93fa802ae614e6ad761830fd267a2d57845534efb

SHA512

55e8c105d01355ebbc18eb4f385ab92bf58b41fb7ee32fa6012812110d2425812fb8b20b0e3ef3f4fd809d08f4ebddb84fa072c38ad634b718758ffdede0364c

Extracted

Family	agenttesla
Credentials	Protocol: smtp Host: smtp.moorefundz.com Port: 587 Username: evra@moorefundz.com Password: g7g2Ig?Aeh_+

Target

Daily Report_2020_xls.exe

MD5

cbb11d12d229cb506a559509ff0d5041

Filesize

407KB

Score

10^/10

SHA1

fa1b25bb450aa82ee3f2c13b96f9fde45f493533

SHA256

1f5501175aa21ba313350d75cf0c5346095ea7df5b8a4f258bba1b95af6b5a1b

SHA512

38a45fe05b7940d1dd0b2f09d6a4bf7834db6649955653acaf3c5e7e74779ba3a47b31ba04461f9c8a283000af208030a704abfd0f5f9ae9a22be87232ef5bf2

Signatures

AgentTesla
Description

Agent Tesla is a remote access tool (RAT) written in visual basic.
Tags

keylogger trojan stealer spyware agenttesla
AgentTesla Payload
Reads data files stored by FTP clients
Description

Tries to access configuration files associated with programs like FileZilla.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Reads user/profile data of local email clients
Description

Email clients store some user data on disk where infostealers will often target it.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Accesses Microsoft Outlook profiles
Tags

collection

TTPs

Email Collection
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

agenttesla collection keylogger spyware stealer trojan

10^/10

behavioral2

agenttesla collection keylogger spyware stealer trojan

10^/10

Extracted

Tags

Signatures

AgentTesla

Description

Tags

AgentTesla Payload

Reads data files stored by FTP clients

Description

Tags

TTPs

Reads user/profile data of local email clients

Description

Tags

TTPs

Reads user/profile data of web browsers

Description

Tags

TTPs

Accesses Microsoft Outlook profiles

Tags

TTPs

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2