General

  • Target

    7c42e4f5b86dd424e035433029d8e096162e20ba2a3997baa89123c63fbe2714

  • Size

    1.1MB

  • Sample

    221208-caldnabf9y

  • MD5

    f2e41db512101c467bcf578005c142ba

  • SHA1

    55c4d0bbec4906eba459332a19b5bb0a4aad0f84

  • SHA256

    7c42e4f5b86dd424e035433029d8e096162e20ba2a3997baa89123c63fbe2714

  • SHA512

    1230562c0437138a606570d77df5a45072bdde753d530ad6b5ef4f09556dcc7abeba278af1d40be5c724f4e99011b757f3050e13848d506d5a82e3408bb55a68

  • SSDEEP

    24576:8L4LJLZtfgl3R8y2ulMvv0Cg3+OCoOpP4:9LJttfgl3RGulug0ooQ

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.rimiapparelsltd.com
  • Port:
    587
  • Username:
    postmaster@rimiapparelsltd.com
  • Password:
    Ijeomam28@

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.rimiapparelsltd.com
  • Port:
    587
  • Username:
    postmaster@rimiapparelsltd.com
  • Password:
    Ijeomam28@
  • Email To:
    webmaster@rimiapparelsltd.com
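The two extracted credential blocks above are the most actionable part of this report: a stealer that exfiltrates over authenticated SMTP leaves the account it logs in as (MAIL FROM) and the drop mailbox (RCPT TO) in every session, and those survive even if the operator moves the mail host. The following Python is an added example written for this page, not code from the sandbox or from any vendor. It takes the config values exactly as reported, turns them into a network indicator plus a Suricata rule (the rule shape is an assumption about a sensible signature, not a published one), and hunts for matching sessions in constructed Zeek smtp.log-style lines that are not recorded traffic.

```python
"""Derive SMTP exfiltration indicators from the extracted Agent Tesla config
and hunt for them in mail-gateway logs.

Added example for this report, not sandbox or vendor code.  The config
values are copied from the extracted credentials above; the log lines are
constructed for the demo (a subset of Zeek smtp.log fields) and are not
recorded traffic.  The Suricata rule template is an assumption about a
reasonable rule shape, not a published signature.
"""
from __future__ import annotations
from dataclasses import dataclass

# Values as reported in the extracted config (the password is deliberately
# left out: it is not an indicator, only evidence for an abuse report).
EXTRACTED_CONFIG = {
    "Protocol": "smtp",
    "Host": "mail.rimiapparelsltd.com",
    "Port": 587,
    "Username": "postmaster@rimiapparelsltd.com",
    "Email To": "webmaster@rimiapparelsltd.com",
}


@dataclass(frozen=True)
class SmtpExfilIndicator:
    host: str
    port: int
    sender: str      # account the stealer authenticates as (MAIL FROM)
    recipient: str   # drop mailbox (RCPT TO); may be empty


    def suricata_rule(self, sid: int) -> str:
        """Alert on the stealer account in MAIL FROM regardless of destination."""
        return (
            f'alert smtp any any -> any any '
            f'(msg:"Agent Tesla SMTP exfil ({self.host})"; '
            f'content:"MAIL FROM:"; nocase; '
            f'content:"{self.sender}"; nocase; distance:0; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)'
        )


def indicator_from_config(cfg: dict) -> SmtpExfilIndicator:
    """Normalise the report's key/value config into an indicator object."""
    if str(cfg.get("Protocol", "")).lower() != "smtp":
        raise ValueError("this helper only handles SMTP exfil configs")
    return SmtpExfilIndicator(
        host=cfg["Host"].strip().lower(),
        port=int(cfg["Port"]),
        sender=cfg["Username"].strip().lower(),
        recipient=cfg.get("Email To", "").strip().lower(),
    )


def _addr(field: str) -> str:
    """Strip angle brackets and case from a MAIL FROM / RCPT TO value."""
    return field.strip().strip("<>").lower()


# Constructed log lines: ts, src_ip, src_port, dst_ip, dst_port, mailfrom, rcptto.
# The third line uses port 25 and mixed case to show that the match is on the
# account, not on the port the config happens to name.
SAMPLE_SMTP_LOG = """\
1670425600.1\t10.0.0.17\t49811\t203.0.113.10\t587\t<postmaster@rimiapparelsltd.com>\t<webmaster@rimiapparelsltd.com>
1670425601.2\t10.0.0.21\t49812\t198.51.100.5\t587\t<alice@example.org>\t<bob@example.org>
1670425602.3\t10.0.0.17\t49813\t203.0.113.10\t25\t<POSTMASTER@RimiApparelsLtd.com>\t<webmaster@rimiapparelsltd.com>
"""


def find_exfil_sessions(log_text: str, ioc: SmtpExfilIndicator) -> list[dict]:
    """Return one hit per log line whose sender or recipient matches the config."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, _sport, dst, dport, mailfrom, rcptto = line.split("\t")
        reasons = []
        if _addr(mailfrom) == ioc.sender:
            reasons.append("MAIL FROM is the stealer's SMTP account")
        if ioc.recipient and _addr(rcptto) == ioc.recipient:
            reasons.append("RCPT TO is the drop mailbox")
        if reasons and int(dport) != ioc.port:
            reasons.append(f"note: port {dport} differs from configured {ioc.port}")
        if reasons:
            hits.append({"ts": ts, "src": src, "dst": dst,
                         "dport": int(dport), "reasons": reasons})
    return hits


if __name__ == "__main__":
    ioc = indicator_from_config(EXTRACTED_CONFIG)
    print(ioc.suricata_rule(sid=9000001))
    for hit in find_exfil_sessions(SAMPLE_SMTP_LOG, ioc):
        print(hit)
```

The match is keyed on the SMTP account and drop mailbox rather than on the host or port, because the operator can repoint the config at a new mail server without re-registering the mailbox, and because an egress proxy may rewrite the destination port. The extracted password is intentionally not used anywhere: it belongs in an abuse report to the mailbox's hosting provider, not in a login attempt.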

Targets

    • Target

      7c42e4f5b86dd424e035433029d8e096162e20ba2a3997baa89123c63fbe2714

    • Size

      1.1MB

    • MD5

      f2e41db512101c467bcf578005c142ba

    • SHA1

      55c4d0bbec4906eba459332a19b5bb0a4aad0f84

    • SHA256

      7c42e4f5b86dd424e035433029d8e096162e20ba2a3997baa89123c63fbe2714

    • SHA512

      1230562c0437138a606570d77df5a45072bdde753d530ad6b5ef4f09556dcc7abeba278af1d40be5c724f4e99011b757f3050e13848d506d5a82e3408bb55a68

    • SSDEEP

      24576:8L4LJLZtfgl3R8y2ulMvv0Cg3+OCoOpP4:9LJttfgl3RGulug0ooQ

    • AgentTesla

      Agent Tesla is a .NET-based information stealer and remote access tool (RAT). This sample is configured to exfiltrate over authenticated SMTP, using the credentials extracted above.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla, which keep saved server credentials on disk.

    • Reads user/profile data of local email clients

      Email clients store user data, including account settings and credentials, on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses Microsoft Outlook profiles

      Outlook profile data, including account settings and stored credentials, is kept in the registry under the user's hive.

    • Suspicious use of SetThreadContext

      Setting the context of a thread in another process is characteristic of process hollowing and related injection, in which the payload is written into a suspended process and its entry point redirected.
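The four credential-store signatures above are individually weak (a mail client reads its own profile, FileZilla reads its own site manager), but together they describe a sweep: one process touching FTP, mail and browser stores in a single burst. The following Python is an added example written for this page, not code from the sandbox, and shows one way to turn that observation into a host-side detection. The artifact paths are the usual locations for FileZilla, Thunderbird, Firefox, Chrome and Outlook data and are my assumption about what the signatures matched on; the file/registry access events are constructed for the demo, not recorded from this sample.

```python
"""Correlate file/registry access events into a 'credential-store sweep'
signal of the kind the report's signatures describe.

Added example for this report, not sandbox code.  The artifact paths are
the usual locations for FileZilla, Thunderbird, Firefox, Chrome and Outlook
data (an assumption about what the sandbox matched on); the events are
constructed to illustrate the logic and were not recorded from this sample.
"""
from __future__ import annotations
from collections import defaultdict
import re

# Category -> regexes over a normalised (lower-case, forward-slash) path or key.
CREDENTIAL_STORES = {
    "ftp_client": [
        r"/filezilla/(sitemanager|recentservers)\.xml$",
    ],
    "mail_client": [
        r"/thunderbird/profiles/[^/]+/(logins\.json|key4\.db)$",
        r"^hkcu/software/microsoft/office/\d+\.\d/outlook/profiles",
    ],
    "browser": [
        r"/google/chrome/user data/[^/]+/login data$",
        r"/mozilla/firefox/profiles/[^/]+/logins\.json$",
    ],
}
_COMPILED = {cat: [re.compile(p) for p in pats] for cat, pats in CREDENTIAL_STORES.items()}


def classify(target: str) -> str | None:
    """Map a file path or registry key to a credential-store category, or None."""
    norm = target.replace("\\", "/").lower()
    for cat, pats in _COMPILED.items():
        if any(p.search(norm) for p in pats):
            return cat
    return None


# Constructed events: (timestamp_s, pid, image, target).  Not real telemetry.
STEALER = r"C:\Users\victim\AppData\Local\Temp\invoice.exe"
SAMPLE_EVENTS = [
    (10.0, 4120, STEALER, r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"),
    (10.2, 4120, STEALER, r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abc.default\logins.json"),
    (10.3, 4120, STEALER, r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    (10.9, 4120, STEALER, r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (11.0, 4120, STEALER, r"C:\Users\victim\Documents\notes.txt"),
    # Legitimate clients reading only their own store never cross categories.
    (50.0, 2200, r"C:\Program Files\FileZilla FTP Client\filezilla.exe",
     r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"),
    (51.0, 3000, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
]


def sweep_alerts(events, window_s: float = 60.0, min_categories: int = 2) -> list[dict]:
    """One alert per process that reads stores from min_categories distinct
    categories within window_s seconds of its first credential-store access."""
    by_proc = defaultdict(list)
    for ts, pid, image, target in events:
        cat = classify(target)
        if cat:
            by_proc[(pid, image)].append((ts, cat, target))
    alerts = []
    for (pid, image), hits in by_proc.items():
        hits.sort()
        for i, (t0, _, _) in enumerate(hits):
            in_window = [h for h in hits[i:] if h[0] - t0 <= window_s]
            cats = {c for _, c, _ in in_window}
            if len(cats) >= min_categories:
                alerts.append({"pid": pid, "image": image, "first_ts": t0,
                               "categories": sorted(cats),
                               "targets": [t for _, _, t in in_window]})
                break
    return alerts


if __name__ == "__main__":
    for alert in sweep_alerts(SAMPLE_EVENTS):
        print(alert)
```

The threshold is on distinct categories, not on raw hit count, which is what keeps FileZilla and Chrome quiet while the stealer trips on its first two stores. Real telemetry (Sysmon, an EDR file-read feed, or registry auditing) replaces the constructed event tuples; the classification and windowing do not change.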

MITRE ATT&CK Matrix (ATT&CK v6 technique IDs; Hits is the number of matched signatures)

  Tactic              Technique                   Hits   ID
  Defense Evasion     Install Root Certificate    1      T1130
  Defense Evasion     Modify Registry             1      T1112
  Credential Access   Credentials in Files        3      T1081
  Collection          Data from Local System      3      T1005
  Collection          Email Collection            1      T1114

Note that T1130 and T1081 are v6-era IDs that later versions of ATT&CK fold into sub-techniques (T1553.004 Subvert Trust Controls: Install Root Certificate and T1552.001 Unsecured Credentials: Credentials In Files); map them before feeding this report into tooling that expects current IDs.
