477b21660b3ecaf3a5822b9c46a8b0790755b7506c6ea1933177cd82bcf440ef

Target

Size

382KB

Sample

220521-xmc82afdap

Score

10 ^/10

MD5

425d2299a175933b983b6b48b35113f8

SHA1

5ce6fb416c6ff1b2f25315fc20aed00ef06c367b

SHA256

477b21660b3ecaf3a5822b9c46a8b0790755b7506c6ea1933177cd82bcf440ef

SHA512

ca63461431131441de87eb7c04d2f7d1e23431d7a88a48926849b4cfb6be4532dd15639abb643da004a5545746e47b3a2685d9d7bab9fa3647bb565ede82ff21

Extracted

Family	agenttesla
Credentials	Protocol: smtp Host: smtp.ionos.es Port: 587 Username: bailen@famorga.com Password: Famorga2017

Extracted

Credentials

Protocol: smtp

Host: smtp.ionos.es

Port: 587

Username: bailen@famorga.com

Password: Famorga2017

Target

INVOICE.exe

MD5

a4975ac7f40ccf4d1803e8edb97dce9e

Filesize

416KB

Score

10^/10

SHA1

2c7d642447cfb2a4b1ce65659ed383b0c96f11ed

SHA256

fda1d068f7b5e8dcbaa65b83088db628ebc9e6420a9fdd258fb5f62bcb4b0935

SHA512

e7b9c414498f1bf101aaa8a77f94266acf6099cb62e9027a8707d71195ece5f67c48745e3f72b7f77ea15bce803990852f3668c8069b2ab4e49b527e4165a681

Signatures

AgentTesla
Description

Agent Tesla is a remote access tool (RAT) written in visual basic.
Tags

keylogger trojan stealer spyware agenttesla
AgentTesla Payload
Checks computer location settings
Description

Looks up country code configured in the registry, likely geofence.
TTPs

Query RegistrySystem Information Discovery
Reads data files stored by FTP clients
Description

Tries to access configuration files associated with programs like FileZilla.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Reads user/profile data of local email clients
Description

Email clients store some user data on disk where infostealers will often target it.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Accesses Microsoft Outlook profiles
Tags

collection

TTPs

Email Collection
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Scheduled Task

Privilege Escalation

static1

behavioral1

agenttesla collection keylogger spyware stealer trojan

10^/10

behavioral2

agenttesla collection keylogger spyware stealer trojan

10^/10

Extracted

Extracted

Tags

Signatures

AgentTesla

Description

Tags

AgentTesla Payload

Checks computer location settings

Description

TTPs

Reads data files stored by FTP clients

Description

Tags

TTPs

Reads user/profile data of local email clients

Description

Tags

TTPs

Reads user/profile data of web browsers

Description

Tags

TTPs

Accesses Microsoft Outlook profiles

Tags

TTPs

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2