General

  • Target

    DHL ATH0000387614.rar

  • Size

    625KB

  • Sample

    220923-h8cgashdgp

  • MD5

    7fdda082aaf11d2e335e2ac0e3615ed6

  • SHA1

    16915607673fd3085eec07840a46b8adc9ea83f3

  • SHA256

    976168dd982087859bc513307af712671cd784eefe2de32c14ccebcf1624fffd

  • SHA512

    d0445240ffeb95e9526f4db6a111f522ac35f23e4e08e76c01c16060da44a182cbd5593962b4172b0cdb7ab763756a691a4b013102c9c05a91c8e533f9a97d17

  • SSDEEP

    12288:+MBeLZg1lQXsIEoHE7x8szUK4b1X+JQtUgk9VHGGT1ZmMrm+5rAJ:+MUslCsIEoHEV8s/q1I3g2HGiygU

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    ventas@mftecnologia.com.uy
  • Password:
    Ventas.1

The same config is extracted from both the archive and the dropped executable, so it is listed once here. These credentials are the stealer's exfiltration mailbox (the account it authenticates to in order to send harvested data out over SMTP submission on port 587), not a credential taken from the victim; outbound authenticated SMTP to this host from an endpoint that is not a mail server is the network indicator to hunt for.

Targets

    • Target

      DHL ATH0000387614.exe

    • Size

      794KB

    • MD5

      ea5de2cb58a153e81667e6c4a0627dca

    • SHA1

      23269cffd3ddbb8277d97d491476ba7ac9bf7b5e

    • SHA256

      9da2cbedadabdf82c330987858212470e1ec100f3d24ad43f5f7ecb902236711

    • SHA512

      b9237560ac52bb6d7e46b1fdb24c2f945ce8c1a6ecb1d093f1b0998f02288bc1fe24ef4f1314c86f036ed5e4375f101ef5e06ed8fcf9505b723c0bb2eb3fb4c0

    • SSDEEP

      12288:kP7UMfbvDzcxezAfPILJaV0Bfd9u1hrSlPsVovjDPs54x8NxgV2iN:9ZPILJHldI1hrSlsKLb5xuxgV1

    • AgentTesla

      Agent Tesla is a .NET-based information stealer and remote access tool (RAT). It harvests credentials from browsers, mail clients and FTP clients and exfiltrates them over SMTP, FTP or HTTP; the extracted config for this build shows SMTP exfiltration to us2.smtp.mailhostbox.com:587.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla, which keep saved site credentials on disk.

    • Reads user/profile data of local email clients

      Email clients store account settings and credentials on disk, where infostealers commonly harvest them.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, such as saved credentials and cookies.

    • Accesses Microsoft Outlook profiles

      Outlook profile data under the user's registry hive can hold account names and DPAPI-protected passwords, which stealers read and decrypt.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is a common step in process hollowing: the payload is written into a suspended process and the thread's entry point is redirected to the injected code.
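An added example (not part of the sandbox report): a small Python IOC sweep built only from the indicators listed on this page, the SHA256 of the archive and the dropped executable and the SMTP exfiltration host and port from the extracted config. The file hashed in demo() and the log lines it scans are constructed for the demonstration; the log format (src_ip,dst_host,dst_port CSV) is an assumption, not a real Zeek or firewall layout, and the parser would need adapting to whatever your network logs actually look like.

```python
"""IOC sweep for the AgentTesla sample on this page (added example, not part of
the sandbox report). Only hashlib/os/tempfile are used, so it runs offline."""
import hashlib
import os
import tempfile

# SHA256 values copied from the report: the RAR lure and the executable it drops.
IOC_SHA256 = {
    "976168dd982087859bc513307af712671cd784eefe2de32c14ccebcf1624fffd": "DHL ATH0000387614.rar",
    "9da2cbedadabdf82c330987858212470e1ec100f3d24ad43f5f7ecb902236711": "DHL ATH0000387614.exe",
}
# Exfiltration endpoint from the extracted config.
EXFIL_HOST = "us2.smtp.mailhostbox.com"
EXFIL_PORT = 587


def file_hashes(path):
    """Return md5/sha1/sha256/sha512 of a file, read in 1 MiB chunks."""
    hs = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for h in hs.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hs.items()}


def sweep_directory(root, iocs=IOC_SHA256):
    """Walk root; return [(path, label)] for files whose SHA256 is in the IOC set."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = file_hashes(path)["sha256"]
            if digest in iocs:
                hits.append((path, iocs[digest]))
    return hits


def flag_smtp_exfil(log_lines, host=EXFIL_HOST, port=EXFIL_PORT, mail_servers=()):
    """Return source IPs that connected to the exfil host:port.

    Lines are 'src_ip,dst_host,dst_port' (assumed, constructed format). Known
    mail relays are excluded so legitimate submission traffic is not flagged."""
    flagged = []
    for line in log_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, dport = line.split(",")
        if dst.lower() == host.lower() and int(dport) == port and src not in mail_servers:
            flagged.append(src)
    return flagged


def demo():
    """Run both checks on constructed input and return the results."""
    work = tempfile.mkdtemp()
    sample = os.path.join(work, "hello.txt")
    with open(sample, "wb") as f:
        f.write(b"hello")  # constructed content, not the malware sample
    hashes = file_hashes(sample)
    # No real sample on disk, so the report's IOC set yields no hits ...
    report_hits = sweep_directory(work)
    # ... while matching against the constructed file's own digest shows a hit.
    test_hits = sweep_directory(work, {hashes["sha256"]: "constructed test file"})
    logs = [  # constructed log lines
        "# src_ip,dst_host,dst_port",
        "10.0.0.5,us2.smtp.mailhostbox.com,587",
        "10.0.0.9,smtp.example.org,587",
        "10.0.0.2,US2.smtp.mailhostbox.com,587",
    ]
    flagged = flag_smtp_exfil(logs, mail_servers=("10.0.0.2",))
    return hashes, report_hits, test_hits, flagged


if __name__ == "__main__":
    h, report_hits, test_hits, flagged = demo()
    print(h["sha256"], report_hits, test_hits, flagged)
```

The SSDEEP values on the page are not matched here because the standard library has no fuzzy-hash implementation; with the ssdeep Python binding you would compare each file's fuzzy hash against the two listed and treat a high similarity score as a hit for repacked variants that exact hashes miss.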

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files (T1081), 3 matching behaviours
  • Collection: Data from Local System (T1005), 3 matching behaviours
  • Collection: Email Collection (T1114), 1 matching behaviour

The counts are the number of behaviour signatures listed under Targets that map to each technique. The IDs follow ATT&CK v6; in current ATT&CK, T1081 is deprecated and its content lives under T1552.001 (Unsecured Credentials: Credentials In Files).
