Overview

overview

10

Static

static

55c4b41ea5...1d.exe

windows7-x64

10

55c4b41ea5...1d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    55c4b41ea537bdfdbaba8219d21ff419fcbb47d6b8572cd9db2a80dc38e32c1d.exe

  • Size

    1014KB

  • Sample

    221208-prryzsch9y

  • MD5

    66a940359afc51457890cb05deba1af0

  • SHA1

    508aa379911a32cc2e70c6e851ddd8657ad73017

  • SHA256

    55c4b41ea537bdfdbaba8219d21ff419fcbb47d6b8572cd9db2a80dc38e32c1d

  • SHA512

    2015368c0198b2d2702afd6940888c2d23277d903d032f1a53a8fd62a0a08935fd90c3ee4dbd91011e0704cedc8150542722e95acf4fa17eeeec3911d8898e58

  • SSDEEP

    24576:AO/EpRnGksBylGSM81jnlq+KP4x3yd+L74mBfNUstzo:AOc+grM81Bq+e4x3

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.vaiappia.net
  • Port:
    587
  • Username:
    sale1@vaiappia.net
  • Password:
    project2022blessing

Targets

    • Target

      55c4b41ea537bdfdbaba8219d21ff419fcbb47d6b8572cd9db2a80dc38e32c1d.exe

    • Size

      1014KB

    • MD5

      66a940359afc51457890cb05deba1af0

    • SHA1

      508aa379911a32cc2e70c6e851ddd8657ad73017

    • SHA256

      55c4b41ea537bdfdbaba8219d21ff419fcbb47d6b8572cd9db2a80dc38e32c1d

    • SHA512

      2015368c0198b2d2702afd6940888c2d23277d903d032f1a53a8fd62a0a08935fd90c3ee4dbd91011e0704cedc8150542722e95acf4fa17eeeec3911d8898e58

    • SSDEEP

      24576:AO/EpRnGksBylGSM81jnlq+KP4x3yd+L74mBfNUstzo:AOc+grM81Bq+e4x3

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks