40d5bbe1d42fcbf09fa3789174d04f8a07c44417ecf1b9823a9dda4f399c12d5

Target

Size

677KB

Sample

220521-pxqccabdcn

Score

10 ^/10

MD5

dd160559c24405ee18fec9e2399ee5b8

SHA1

16d80bfca6be01b9e0a5fa609272720432bc0e21

SHA256

40d5bbe1d42fcbf09fa3789174d04f8a07c44417ecf1b9823a9dda4f399c12d5

SHA512

350b167dd3318bf30e783cee187837cf155b380ba4015363a9f5755d3076de82a34138bae616af59e703f9fc6096105747fe17bd2fd1ccebb3eb3125de42f605

Extracted

Family	agenttesla
Credentials	Protocol: smtp Host: mail.varda.com.tr Port: 587 Username: info@varda.com.tr Password: varda9997929

Extracted

Credentials

Protocol: smtp

Host: mail.varda.com.tr

Port: 587

Username: info@varda.com.tr

Password: varda9997929

Target

Quotation Request.exe

MD5

cbfff4b18ad63daf6990e48335a7aa1b

Filesize

1MB

Score

10^/10

SHA1

76b04133c97c8689d1f4d567103775cc91e67236

SHA256

55dda2889a2fae3ddbe54c70a6ff687d366887a672502d00513543bb9aa482f3

SHA512

72e9b65ebc3452adc6f8ad83b5951f8d27eacfbcc01061243f3f989545e0076afc650eefd1de876ae91248c6be7c9ebdad85ccaf8d2b1ec91d7c8d9d4b26377b

Signatures

AgentTesla
Description

Agent Tesla is a remote access tool (RAT) written in visual basic.
Tags

keylogger trojan stealer spyware agenttesla
AgentTesla Payload
Drops file in Drivers directory
Checks computer location settings
Description

Looks up country code configured in the registry, likely geofence.
TTPs

Query RegistrySystem Information Discovery
Reads data files stored by FTP clients
Description

Tries to access configuration files associated with programs like FileZilla.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Reads user/profile data of local email clients
Description

Email clients store some user data on disk where infostealers will often target it.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Accesses Microsoft Outlook profiles
Tags

collection

TTPs

Email Collection
Adds Run key to start application
Tags

persistence

TTPs

Registry Run Keys / Startup FolderModify Registry
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

agenttesla collection keylogger persistence spyware stealer trojan

10^/10

behavioral2

agenttesla collection keylogger persistence spyware stealer trojan

10^/10

Extracted

Extracted

Tags

Signatures

AgentTesla

Description

Tags

AgentTesla Payload

Drops file in Drivers directory

Checks computer location settings

Description

TTPs

Reads data files stored by FTP clients

Description

Tags

TTPs

Reads user/profile data of local email clients

Description

Tags

TTPs

Reads user/profile data of web browsers

Description

Tags

TTPs

Accesses Microsoft Outlook profiles

Tags

TTPs

Adds Run key to start application

Tags

TTPs

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2