General

  • Target

    purchase order No. 4502717956.z

  • Size

    660KB

  • Sample

    221208-qfbcjada8s

  • MD5

    0d4571f1099fd1ed70b80b6a53bce4ad

  • SHA1

    02ae898b8689db80f654d0e163500edf18a78a9d

  • SHA256

    84e4b585faaac8c0fd26c1c2c5ad4d44d271e72dc65cf9625eb7266ac960fc14

  • SHA512

    2d61206ba30424e6ff1e7ca4267bfa1efcbc00535c489d9b70ac5209a3cff81c5a4ca3a3c31e624b17a71e66ce81463021631bdc46a778fd38b7b716e05a834f

  • SSDEEP

    12288:IzWX+Yv1OqSLUbMCLkLbvSJMBKWtBq2+D9Tfr/Vconfb7hfdBdI:ISXDn5LkLVKW2tRbRconfPxdY

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.reousaomilia.gr
  • Port:
    587
  • Username:
    noratsoukala@reousaomilia.gr
  • Password:
    nora2020!
  • Email To:
    orginbox@yandex.com
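
The extracted configuration is directly usable for detection. The following is an added example (not part of the report or the sandbox output) that turns the fields above into matching logic over Zeek-style JSON log records and emits equivalent Suricata rules. The log lines and IP addresses are constructed, and the Suricata SIDs are assumed local-range values. It keys on the drop-box recipient rather than only on the sending domain, because the sending mailbox is a third party's account that the operator can replace without changing where the stolen data goes.

```python
"""Network detection built from the report's extracted Agent Tesla SMTP config.

Added example; it is not from the report or the sandbox. The log records are
constructed Zeek-style JSON (documentation IP ranges), not captured traffic.
"""
import json

# Copied from the "Malware Config" section of the report.
EXFIL_CONFIG = {
    "host": "mail.reousaomilia.gr",
    "port": 587,
    "username": "noratsoukala@reousaomilia.gr",
    "email_to": "orginbox@yandex.com",
}

# Constructed records: one infected host (10.0.0.5) and one benign sender (10.0.0.7).
SAMPLE_LOGS = """\
{"_path":"dns","id.orig_h":"10.0.0.5","query":"mail.reousaomilia.gr","answers":["203.0.113.10"]}
{"_path":"conn","id.orig_h":"10.0.0.5","id.resp_h":"203.0.113.10","id.resp_p":587,"proto":"tcp"}
{"_path":"smtp","id.orig_h":"10.0.0.5","id.resp_h":"203.0.113.10","id.resp_p":587,"mailfrom":"noratsoukala@reousaomilia.gr","rcptto":["orginbox@yandex.com"]}
{"_path":"smtp","id.orig_h":"10.0.0.7","id.resp_h":"198.51.100.20","id.resp_p":587,"mailfrom":"alice@example.org","rcptto":["bob@example.org"]}
"""


def parse_logs(text):
    """One JSON object per line, as Zeek writes with the JSON log writer."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def match(records, cfg=EXFIL_CONFIG):
    """Return (rule, severity, source_host) triples.

    The attacker's drop box (email_to) is the most stable indicator: the
    sending mailbox belongs to a third party and can be swapped by the
    operator, and a bare connection to port 587 is normal for mail clients.
    """
    hits = []
    for r in records:
        src = r.get("id.orig_h")
        path = r.get("_path")
        if path == "dns" and r.get("query", "").lower() == cfg["host"]:
            hits.append(("agenttesla_smtp_host_dns", "medium", src))
        elif path == "conn" and r.get("id.resp_p") == cfg["port"]:
            hits.append(("outbound_submission_port", "low", src))
        elif path == "smtp":
            rcpt = {a.lower() for a in r.get("rcptto", [])}
            if cfg["email_to"] in rcpt:
                hits.append(("agenttesla_exfil_recipient", "high", src))
            if r.get("mailfrom", "").lower() == cfg["username"]:
                hits.append(("agenttesla_sender_mailbox", "medium", src))
    return hits


def suricata_rules(cfg=EXFIL_CONFIG, base_sid=9000001):
    """Equivalent Suricata rules; the SIDs are assumed local-range values."""
    return [
        f'alert dns any any -> any any (msg:"AgentTesla SMTP exfil host lookup"; '
        f'dns.query; content:"{cfg["host"]}"; nocase; sid:{base_sid}; rev:1;)',
        f'alert smtp any any -> any {cfg["port"]} (msg:"AgentTesla exfil to drop box"; '
        f'content:"{cfg["email_to"]}"; nocase; sid:{base_sid + 1}; rev:1;)',
    ]


if __name__ == "__main__":
    for hit in match(parse_logs(SAMPLE_LOGS)):
        print(hit)
    print("\n".join(suricata_rules()))
```

The low-severity port-587 rule is only useful as context for the higher ones; on its own it fires for every legitimate mail submission.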

Targets

    • Target

      purchase order No. 4502717956.exe

    • Size

      738KB

    • MD5

      27d631027838d94262fe33e8b76b0543

    • SHA1

      3fd40787525906c92cf9d485299e4d06b6043407

    • SHA256

      b7394e25936c4fd44716fcdcce914a35c0cdb0980e4527035681df4f800520e7

    • SHA512

      07b34c65df7e9f80cbe84c11c290cd64dca7ee2394ec47c9ef39dad3640ffc47e73895c769b2160d912013d79250379dde2fc363dc2cfcc64374539f08573c5a

    • SSDEEP

      12288:awlxmomPZefGPtqvyuzj8DNaHHAq17pKbZaws+iKvaSUih4qxs4jnTS+Co3ry/J:GomxiGQFviaub0wnieNfm46+RuJ

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer; this family is the one whose configuration was extracted above.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

      Reads the Outlook profile data under the user's registry hive, which holds account settings and, for some account types, saved credentials.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is the step that redirects execution in process hollowing and similar injection: the dropper starts a legitimate host process suspended, writes the unpacked payload into it, and points the thread at it.
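
The signatures above describe file, registry and API activity that host telemetry can catch. The following added example (not from the report or the sandbox) implements those checks over constructed EDR-style event records: it flags a process that reads another application's credential store and pairs SetThreadContext with a CREATE_SUSPENDED child to detect the hollowing pattern. The data-store paths are the standard locations for each product; the process names, PIDs and the event schema are assumptions for illustration, and the ATT&CK IDs are the ones the report's v6 matrix uses.

```python
"""Host-side detection for the behaviours the report lists for the .exe.

Added example, not from the report or the sandbox vendor. Event records are
constructed to resemble EDR telemetry (file reads, registry queries, API
calls) and are not the sample's real trace.
"""
import re
from collections import defaultdict

# (category, ATT&CK v6 technique IDs from the report's matrix, path/key pattern)
ARTIFACTS = [
    ("ftp_client_data", ("T1081", "T1005"),
     re.compile(r"\\FileZilla\\(recentservers|sitemanager)\.xml$", re.I)),
    ("browser_data", ("T1081", "T1005"),
     re.compile(r"\\(Google\\Chrome|Mozilla\\Firefox|Microsoft\\Edge)\\.*"
                r"\\(Login Data|logins\.json|Web Data)$", re.I)),
    ("email_client_data", ("T1081", "T1005"),
     re.compile(r"\\Thunderbird\\Profiles\\.*\\(logins\.json|key4\.db)$", re.I)),
    ("outlook_profiles", ("T1114",),
     re.compile(r"^HKCU\\Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles", re.I)),
]
# Applications that legitimately read their own data store; excluded to cut noise.
OWNERS = {
    "ftp_client_data": {"filezilla.exe"},
    "browser_data": {"chrome.exe", "firefox.exe", "msedge.exe"},
    "email_client_data": {"thunderbird.exe"},
    "outlook_profiles": {"outlook.exe"},
}

MAL = "purchase order No. 4502717956.exe"  # the report's target name

# Constructed events: hypothetical PIDs, user name and profile directory.
SAMPLE_EVENTS = [
    {"proc": MAL, "pid": 4412, "op": "api", "api": "CreateProcessW",
     "target_pid": 5120, "flags": "CREATE_SUSPENDED"},
    {"proc": MAL, "pid": 4412, "op": "api", "api": "SetThreadContext", "target_pid": 5120},
    {"proc": MAL, "pid": 4412, "op": "file_read",
     "target": r"C:\Users\nora\AppData\Roaming\FileZilla\recentservers.xml"},
    {"proc": MAL, "pid": 4412, "op": "file_read",
     "target": r"C:\Users\nora\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"proc": MAL, "pid": 4412, "op": "file_read",
     "target": r"C:\Users\nora\AppData\Roaming\Thunderbird\Profiles\k3x1.default\logins.json"},
    {"proc": MAL, "pid": 4412, "op": "reg_query",
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    # Benign: the browser reading its own store, and a SetThreadContext with no suspended child.
    {"proc": "chrome.exe", "pid": 2000, "op": "file_read",
     "target": r"C:\Users\nora\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"proc": "explorer.exe", "pid": 1200, "op": "api", "api": "SetThreadContext", "target_pid": 1300},
]


def analyse(events):
    """Map each process to the stores it touched and whether it hollowed a child."""
    cats = defaultdict(set)
    techs = defaultdict(set)
    suspended = set()   # (parent pid, child pid) pairs created with CREATE_SUSPENDED
    hollowing = set()
    for e in events:
        proc = e["proc"]
        if e["op"] == "api":
            key = (e["pid"], e["target_pid"])
            if e["api"] == "CreateProcessW" and "CREATE_SUSPENDED" in e.get("flags", ""):
                suspended.add(key)
            elif e["api"] == "SetThreadContext" and key in suspended:
                hollowing.add(proc)
            continue
        for cat, tids, pat in ARTIFACTS:
            if pat.search(e["target"]) and proc.lower() not in OWNERS[cat]:
                cats[proc].add(cat)
                techs[proc].update(tids)
    report = {}
    for proc in set(cats) | hollowing:
        report[proc] = {
            "categories": cats[proc],
            "techniques": techs[proc],
            "hollowing": proc in hollowing,
            # One foreign store read can be a backup tool; two or more, or hollowing, is not.
            "suspicious": len(cats[proc]) >= 2 or proc in hollowing,
        }
    return report


if __name__ == "__main__":
    for proc, verdict in analyse(SAMPLE_EVENTS).items():
        print(proc, verdict)
```

The sandbox signature fires on any SetThreadContext use; the example is stricter and requires the suspended-child pairing, which is the pattern worth alerting on in production telemetry.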

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                      Signatures  ID
  Execution              Scheduled Task                 1           T1053
  Persistence            Scheduled Task                 1           T1053
  Privilege Escalation   Scheduled Task                 1           T1053
  Credential Access      Credentials in Files           3           T1081
  Discovery              System Information Discovery   1           T1082
  Collection             Data from Local System         3           T1005
  Collection             Email Collection               1           T1114

  The IDs are ATT&CK v6; in current ATT&CK, Credentials in Files (T1081) has been folded into Unsecured Credentials: Credentials In Files (T1552.001).
