General

  • Target

    1dc408f3f651caf2c45fc65d610f92bf6747b441c5f7c3f25dd6f781da83412b

  • Size

    703KB

  • Sample

    220521-xlny5sfcfk

  • MD5

    2a961ad47fc73bfbbfb035d70e5457e8

  • SHA1

    fdc2f892f4a1a519669fd85713f18618c96a93d7

  • SHA256

    1dc408f3f651caf2c45fc65d610f92bf6747b441c5f7c3f25dd6f781da83412b

  • SHA512

    55deec48e3599b6ae57599266a83710ee09a417f3452a2122ab80a05569905612d0f44be15d40bfcdff133874b3fc21af780957abcd80730126b59d987376b13

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    businesslogs01@yandex.com
  • Password:
    password20@


Targets

    • Target

      Euro45000.exe

    • Size

      913KB

    • MD5

      3e5f80a483571fa625e56a00661250f6

    • SHA1

      3b418712790d665aefcd8a907f4cefbf4f450716

    • SHA256

      01e0d6bbfccea03b1686c70b809788f3b81d804f28709a8f7f0dffcc8761d2d1

    • SHA512

      d0ec0a4d53f359c239898d74475622cef6a0063e9368b1cb7b3486327a415b7c0a6fd58b90e5b351c27ced9dbe4c728627ba25aac42c1cc357a3c8b89f7b39f2

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution
    Scheduled Task (T1053): 1
  • Persistence
    Scheduled Task (T1053): 1
  • Privilege Escalation
    Scheduled Task (T1053): 1
  • Defense Evasion
    Modify Registry (T1112): 1
  • Credential Access
    Credentials in Files (T1081): 3
  • Discovery
    Query Registry (T1012): 1
    System Information Discovery (T1082): 2
  • Collection
    Data from Local System (T1005): 3
    Email Collection (T1114): 1

Tasks