General

  • Target

    eb4479c9bb0706638797857fff9e2a765809ec43567788abf3651570d8b060d1

  • Size

    497KB

  • Sample

    220521-xka1wsbhd9

  • MD5

    41aa6552449aec4d5a1f8532c56e7167

  • SHA1

    54b1d70f1b593a37ea50eda858adef10b6d563f9

  • SHA256

    eb4479c9bb0706638797857fff9e2a765809ec43567788abf3651570d8b060d1

  • SHA512

    3886b35ddb05acdfec77ee97cb6e06e7eeede5336a78094416c4b18293c95dcc9949db3725bde734cf56b8d753bc3adbd37e93fa93ea94f01616f50dbf9a2bcb

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    petersonhouston@yandex.com
  • Password:
    faith12AB

Targets

    • Target

      SHIPPING DOCUMENTS.exe

    • Size

      600KB

    • MD5

      7c68de99b3926b9b65784e7562fa53cd

    • SHA1

      0c71970bea7e165b952cd08e7cc9fe2899490a3a

    • SHA256

      d5e25941e3d79faf029e3f285e3755bf6b40388af3fd3295dee7ce0289b6d13f

    • SHA512

      b9f5931fd2d508332037ae5c3b6c3788afa78a661587bbf45a0b1ba90f25c45e1a0901fac0f06e8253bb999e662cefcb8ad598d2a3d2e2057c08d0111af15cb9

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files (T1081), 3
  • Collection: Data from Local System (T1005), 3
  • Collection: Email Collection (T1114), 1