dc5688e382c2b6703dac78213f9ef156b2be33ee44aa3bc724a3858b9517677e

Target

Size

401KB

Sample

220521-xl4dtsfchj

Score

10 ^/10

MD5

44f80c62b4958cc95860224850f1a21f

SHA1

4ebfa4fd6372b5d19cbe566cca1543efe1e08e08

SHA256

dc5688e382c2b6703dac78213f9ef156b2be33ee44aa3bc724a3858b9517677e

SHA512

812b9dd03852ed055e4ee2bb962ad67c2a6d74fd6c3570977b6f3124855869094e7f9132ee56a195ae78948db9959a771e6e860fbb60b9634737b7cd127cafd2

Extracted

Family	agenttesla
Credentials	Protocol: smtp Host: secure231.servconfig.com Port: 587 Username: info@eltaef.com Password: eltaefSH6548883

Extracted

Credentials

Protocol: smtp

Host: secure231.servconfig.com

Port: 587

Username: info@eltaef.com

Password: eltaefSH6548883

Target

SSCN_12462020pdf.exe

MD5

33d17dffd1221cd066f45811323b44b1

Filesize

444KB

Score

10^/10

SHA1

4412bb573391d3466ba49d0d0451d0bb73b245c8

SHA256

ba2937327a241e543cddc12d8c1648db557d5408cc4fe8d06a5261d2d96896ca

SHA512

b7f6c51325171a8d3d6b89c07ebf6715f74ba4fa19bd62f781719c540494a18c0c659301957b34c6bce4ea5f7cf837fe6f299d7a56d8f97e2cc54bd62b3ae8dd

Signatures

AgentTesla
Description

Agent Tesla is a remote access tool (RAT) written in visual basic.
Tags

keylogger trojan stealer spyware agenttesla
AgentTesla Payload
Checks computer location settings
Description

Looks up country code configured in the registry, likely geofence.
TTPs

Query RegistrySystem Information Discovery
Reads data files stored by FTP clients
Description

Tries to access configuration files associated with programs like FileZilla.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Reads user/profile data of local email clients
Description

Email clients store some user data on disk where infostealers will often target it.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Accesses Microsoft Outlook profiles
Tags

collection

TTPs

Email Collection
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Scheduled Task

Privilege Escalation

static1

9^/10

behavioral1

agenttesla collection keylogger spyware stealer trojan

10^/10

behavioral2

agenttesla collection keylogger spyware stealer trojan

10^/10

Extracted

Extracted

Tags

Signatures

AgentTesla

Description

Tags

AgentTesla Payload

Checks computer location settings

Description

TTPs

Reads data files stored by FTP clients

Description

Tags

TTPs

Reads user/profile data of local email clients

Description

Tags

TTPs

Reads user/profile data of web browsers

Description

Tags

TTPs

Accesses Microsoft Outlook profiles

Tags

TTPs

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2