Overview

overview

10

Static

static

Overdue fo...nt.exe

windows7-x64

10

Overdue fo...nt.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Overdue for July & August Statement.exe

  • Size

    756KB

  • Sample

    220725-janx4sbbhj

  • MD5

    519f978ffc3f713491f62c05f2496ea8

  • SHA1

    eeb24e554c7f73597731d7967b3e351e2f57bae7

  • SHA256

    f364017f935cd2a302b9559a6036afcf91bb74203fab0b8e56a47771eda96e3b

  • SHA512

    ba95a995e4930f6d575087b417580dbad50c13b77cdad87f2efbaa9655217b7de92b4826f124c355640933fd20dd91f8942e79b2afcc2ddf8a1cedae9f599562

Score
10/10
agentteslacollectionkeyloggerspywarestealersuricatatrojan

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.fardarlogistics.com
  • Port:
    587
  • Username:
    hr@fardarlogistics.com
  • Password:
    fardar123

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.fardarlogistics.com
  • Port:
    587
  • Username:
    hr@fardarlogistics.com
  • Password:
    fardar123
  • Email To:
    jinhux31@gmail.com

Targets

    • Target

      Overdue for July & August Statement.exe

    • Size

      756KB

    • MD5

      519f978ffc3f713491f62c05f2496ea8

    • SHA1

      eeb24e554c7f73597731d7967b3e351e2f57bae7

    • SHA256

      f364017f935cd2a302b9559a6036afcf91bb74203fab0b8e56a47771eda96e3b

    • SHA512

      ba95a995e4930f6d575087b417580dbad50c13b77cdad87f2efbaa9655217b7de92b4826f124c355640933fd20dd91f8942e79b2afcc2ddf8a1cedae9f599562

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealersuricatatrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • suricata: ET MALWARE AgentTesla Exfil Via SMTP

      suricata: ET MALWARE AgentTesla Exfil Via SMTP

      suricata

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks