Overview

overview

10

Static

static

Original S...df.exe

windows7_x64

10

Original S...df.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9e13264de403e804d6214a0dedc6c01d8e8fc9de6f9c4fc1d18e08fb4656a4a6

  • Size

    363KB

  • Sample

    220521-pva5msgac9

  • MD5

    d59773dda7f71413a64369c8ee0c36a7

  • SHA1

    90cb5d04fb44571c0fae6cbb690dbed3344b9cb6

  • SHA256

    9e13264de403e804d6214a0dedc6c01d8e8fc9de6f9c4fc1d18e08fb4656a4a6

  • SHA512

    004d28d88f1b18135a6c0e30c5ba0d5f29846b29085c3b6b56727d3766110833eca68c6392598d3afe18cb05224ad480a1e0553e307d86b88e095ba7358bb4a7

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.ru
  • Port:
    587
  • Username:
    infokingking88@yandex.ru
  • Password:
    kingmoney12345

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.ru
  • Port:
    587
  • Username:
    infokingking88@yandex.ru
  • Password:
    kingmoney12345

Targets

    • Target

      Original Shipping documents .pdf.exe

    • Size

      497KB

    • MD5

      b4c970d02853627e0895a727572788c7

    • SHA1

      78c71acc984005bb0f7db63180dd3b3fa9673abb

    • SHA256

      7d55b0a9f323550b53b9bed20b938959163a3ab02b995a6d84d5e4b0145febb7

    • SHA512

      3f71519f1c105b49c538dd7b37e22207765c233809999eed8f786d834b023d85974d4fd4ba370e19f5843eefc454c5a88149985dacf9fee878315a41d3c7cc35

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks