Overview

overview

10

Static

static

DHL Air waybill.scr

windows7-x64

10

DHL Air waybill.scr

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DHL Air waybill.jar

  • Size

    761KB

  • Sample

    221207-trwdmafd48

  • MD5

    75502270d1a0042158b97025d3401111

  • SHA1

    5f49223c1cbf523d524d597c5f966ae2e3e08dfd

  • SHA256

    0e54a2fc005e1606b6a9ee3f1e514122e6ed7281be15740cddc11ae341bf38b8

  • SHA512

    04d3a368c44b2920b8c492aada34e9ad52abb3b246c6ec4aa9e0b03b04576395ad50d816ad328a82cf557e3d09e8179249845577a99c624a5b0fae1de862d9b1

  • SSDEEP

    12288:EaH1JkBYDNgS9dxOXnbF4ZWKzf6kth+4mP5ZkEBzyq+c1lZ0xWP4w+GIMyEN5ish:EaH1JkOiS7kbaZdzfph+4okEgSG+5i5m

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5303328165:AAF7HxnjN67EBIegVs-MwZqBsR_i0699CXE/

Targets

    • Target

      DHL Air waybill.SCR

    • Size

      801KB

    • MD5

      beb27d2d76a11793bd4f7cb8c3cec343

    • SHA1

      3fcfe3b2be699e78f1bcd4136499d805191d76b4

    • SHA256

      3b17be70fb201b2352f0a5d5a2b4f783e18350a13628b96c80c3d4e8c1fdd0b5

    • SHA512

      2d85f07698b9b2c3e2de47e8182bb0e227c7daebf56611cf38cd665df0510adde4c984414d54961c9db7a033ab388a2aa471db7bff30eeb5d96e4c4b3f34f99c

    • SSDEEP

      12288:iwBoY9FDutOg6duUKLo7BkvKpDeSp+7732pQlS3WWu41rXSQTlrOBZ3wIQTIddpn:rIvKpKSpgTMFioJOFigEa3zQtmAI

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks