54a9c7b2de032c88a365724c0cf41c6d8cae0a63299f5870fbddfd2fada133c0

Target

Size

354KB

Sample

220521-pw9dtsbdal

Score

10 ^/10

MD5

e2082e433bd9a88e80f51c9e7238bbe6

SHA1

fce93fdc8378c546c8c4e7e319792c8dae710bba

SHA256

54a9c7b2de032c88a365724c0cf41c6d8cae0a63299f5870fbddfd2fada133c0

SHA512

641e3e40f748eeba64f010a6b9bcc0eaafc40acabd46a551baf2ca9e7453dac21de624614b272d333c6873b3b5eeaa4ec97c5a964c249e5738d96056e29a592c

Extracted

Family	agenttesla
Credentials	Protocol: ftp Host: ftp://gsmtp.me/ Port: 21 Username: mikano Password: N1!4o8yg Protocol: ftp Host: ftp://gsmtp.me/ Port: 21 Username: mikano Password: N1!4o8yg

Target

PO-7890374.exe

MD5

e9578b76923aaf0ef5c6ddd29f04c44b

Filesize

488KB

Score

10^/10

SHA1

fd105ad0cfaac1465e7773e1f5a98a4bdc9ab7d9

SHA256

0e1398abdfa85e32529125bf46eca2248faa7baa07f114ead8e310fc05a73beb

SHA512

fb064a5aad513cf8650d03b716e0502a920779a9c2f7f3db0628e65c89c439b72984f2efc21f43112874fff3cbe1c59d1cc0d8e4cc944ecd97abb043c280cc37

Signatures

AgentTesla
Description

Agent Tesla is a remote access tool (RAT) written in visual basic.
Tags

keylogger trojan stealer spyware agenttesla
AgentTesla Payload
Checks computer location settings
Description

Looks up country code configured in the registry, likely geofence.
TTPs

Query RegistrySystem Information Discovery
Reads data files stored by FTP clients
Description

Tries to access configuration files associated with programs like FileZilla.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Reads user/profile data of local email clients
Description

Email clients store some user data on disk where infostealers will often target it.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Accesses Microsoft Outlook profiles
Tags

collection

TTPs

Email Collection
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Scheduled Task

Privilege Escalation

static1

behavioral1

agenttesla collection keylogger spyware stealer trojan

10^/10

behavioral2

agenttesla collection keylogger spyware stealer trojan

10^/10

Extracted

Tags

Signatures

AgentTesla

Description

Tags

AgentTesla Payload

Checks computer location settings

Description

TTPs

Reads data files stored by FTP clients

Description

Tags

TTPs

Reads user/profile data of local email clients

Description

Tags

TTPs

Reads user/profile data of web browsers

Description

Tags

TTPs

Accesses Microsoft Outlook profiles

Tags

TTPs

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2