Overview

overview

10

Static

static

GsxINR0t8iolBIA.exe

windows7-x64

10

GsxINR0t8iolBIA.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c8199c30edc544b24e479f396e0982337af82235cdb7b0e36c1a9e6e7bddc107

  • Size

    619KB

  • Sample

    221128-n7qv7agb3z

  • MD5

    fa80943e564c6bd196f31cc388e89222

  • SHA1

    a10223dcc2bb2ddddcaf91fd9defb363401dba92

  • SHA256

    c8199c30edc544b24e479f396e0982337af82235cdb7b0e36c1a9e6e7bddc107

  • SHA512

    cf94b7de2fd06ed590dc761100c43757318d7cadd2d0ec09f03fcb9dd281a9cae890f7ac0a3b787553bf2d214fb03d4e61d1a015f78ac4f507878e715baa0118

  • SSDEEP

    12288:y0IoTk5gATcoCVP/9lavENfuztReNssl/90EObmDQRVoEM89GmuBbSS4eH:y0IoILTwVPllkE9uzDeFBWE2gQRV48fS

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5380301623:AAEiiAoD9x5hD8Dpz7EhZFXpW2UQGzFYtzs/sendDocument

Targets

    • Target

      GsxINR0t8iolBIA.exe

    • Size

      714KB

    • MD5

      b5fbf8ee3c25415a91dcf897ee20a98a

    • SHA1

      b794d6f5bb0232f7fc0963ed78ef7012d9ea7d86

    • SHA256

      63cdda46a08c3038d94c60c3dd0ac398eb2d5b56568870bd4128b835a41d7c4d

    • SHA512

      f377988f9a54e64f3005ce84af8114a343eb914cecde973c19ee332fe1acfbb5ec541b196850bc2baf73bd9a8120ef3e6e50ff0b495f63ca7beed6f530130395

    • SSDEEP

      12288:FIlpkANyPAatCGgapqfc37HrEN1Go3FbojZzCi9fjzEOastQCg5:FUUCGgapqfcTrcmjtCQjAO1td+

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks