General

  • Target

    3bb19d199fff596129f516833a34d060289387b11296c642f089282dc0c0e1e4

  • Size

    1.0MB

  • Sample

    220521-pxzk1sbdek

  • MD5

    cdea2db65aae814621336d740aa92924

  • SHA1

    c6714c72354633c08595eddb6f010c1035f825bf

  • SHA256

    3bb19d199fff596129f516833a34d060289387b11296c642f089282dc0c0e1e4

  • SHA512

    0cacfdd12126c9dee62bcdcadea631fb4b299831f86648e84a9a940b788481dfdc2d28da4e6a8ebdfe5d6168906ad786bea6aa06e46614ca9c9aa4f66bd71676

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.ru
  • Port:
    587
  • Username:
    miss.vostrickova2016@yandex.ru
  • Password:
    3232908

Targets

    • Target

      scan08312020.pdf .......exe

    • Size

      1.1MB

    • MD5

      f13581b27fd5fc2225e0f62fae689970

    • SHA1

      45739ac5a6a20d63b281e20a088214e3589020d5

    • SHA256

      92bb0317bc220657af5e88c2382bb04150052319693a2ed90616bf65ff44467a

    • SHA512

      9029fd8335f393ccd69b75871c61672d23af7a9f8fb77a14c68b00842d1a4822d2a7c3f9495026fac55a432f08b1c1b826f7a2145ad662aa1c1f7000b7ce98ea

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task, T1053 (1)
  • Persistence: Scheduled Task, T1053 (1)
  • Privilege Escalation: Scheduled Task, T1053 (1)
  • Discovery: Query Registry, T1012 (3); System Information Discovery, T1082 (4)
  • Collection: Email Collection, T1114 (1)

Tasks