Overview

overview

10

Static

static

39bfa1d4e4...13.exe

windows7-x64

10

39bfa1d4e4...13.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    39bfa1d4e402455829324582e0d1042b721a1feb4bebcb387d8f0c0b93752413.exe

  • Size

    839KB

  • Sample

    221207-qsfg1sfa53

  • MD5

    1ad8ac542eef696e65ee26b0c22e62ca

  • SHA1

    20bdae5ba9a4706478df326c0caa2c99fe854498

  • SHA256

    39bfa1d4e402455829324582e0d1042b721a1feb4bebcb387d8f0c0b93752413

  • SHA512

    1db078a90c97634e8b8e6db115b602e102905a455952d96e14f518bbc5b137b67bfe5060bd68ad21700794a70b24e9f46c148c912b28a3e7bbf1c06c16745af3

  • SSDEEP

    24576:Vr18+L74mBfNUstzoEr5jamfpF5tTD243r8JN:Vr/xfpt+4I

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    bG^VamX7@@

Targets

    • Target

      39bfa1d4e402455829324582e0d1042b721a1feb4bebcb387d8f0c0b93752413.exe

    • Size

      839KB

    • MD5

      1ad8ac542eef696e65ee26b0c22e62ca

    • SHA1

      20bdae5ba9a4706478df326c0caa2c99fe854498

    • SHA256

      39bfa1d4e402455829324582e0d1042b721a1feb4bebcb387d8f0c0b93752413

    • SHA512

      1db078a90c97634e8b8e6db115b602e102905a455952d96e14f518bbc5b137b67bfe5060bd68ad21700794a70b24e9f46c148c912b28a3e7bbf1c06c16745af3

    • SSDEEP

      24576:Vr18+L74mBfNUstzoEr5jamfpF5tTD243r8JN:Vr/xfpt+4I

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks