General

  • Target

    Payment Advice.ARJ

  • Size

    20KB

  • Sample

    230206-vf5zcsac2s

  • MD5

    e329dc7926c7516dbc968ddefe67ee0c

  • SHA1

    a3045747e595fae86520057d00589dbabd0db089

  • SHA256

    88545da29ed38b49b6e156130f465ba449a0cfcd0650a4c15f9764cb7d540472

  • SHA512

    73cb9fd6437e7ada5c95f16d663b48fbdf0e631d2652d590698016932440e70be0e40b017b2b614230378b7407146ed887a71d615ae8d55566efce8d7ccc348d

  • SSDEEP

    384:tdZrTmw1aVACIFejZu4Rjj5ikActuTJslcTRd4t7PfzgiBUpxqT:VuA5e1u41j5iiuNslcTRd4JKqT
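The Target above is an ARJ archive, a DOS-era container format; the executable it wraps is listed under Targets below. The following Python walker is an added example, not code from the sandbox or from the malware: it parses the ARJ header chain as laid out in the public ARJ technote (header id, basic header with its CRC32, NUL-terminated filename and comment, extended-header chain, then member data) so an analyst can check header integrity, member names, sizes, compression method and stored CRC before detonating the attachment. The archive it inspects is constructed in memory and its MZ stub is a placeholder, not the real Payment Advice.exe; only stored (method 0) members are carved, compressed methods are listed but not decoded.

```python
import struct
import zlib

ARJ_MAGIC = b"\x60\xEA"
FIRST_HDR_SIZE = 30          # fixed fields of a basic header with no "extra data"
# first_hdr_size, archiver ver, min ver, host OS, flags, method, file type, reserved,
# mtime, compressed size, original size, CRC32, filespec pos, access mode, host data, chapter
FIXED = "<BBBBBBBBIIIIHHBB"
METHODS = {0: "stored", 1: "compressed(1)", 2: "compressed(2)", 3: "compressed(3)",
           4: "compressed(4)", 8: "no data", 9: "no data (crc only)"}


def _crc32(data):
    return zlib.crc32(data) & 0xFFFFFFFF


def _read_header(buf, pos):
    """Parse one basic header at pos. Returns (fields, next_pos), or
    (None, next_pos) at the end-of-archive marker (basic header size 0)."""
    if buf[pos:pos + 2] != ARJ_MAGIC:
        raise ValueError("bad ARJ header id at offset %d" % pos)
    (basic_size,) = struct.unpack_from("<H", buf, pos + 2)
    pos += 4
    if basic_size == 0:
        return None, pos
    if basic_size > 2600:                        # limit from the ARJ technote
        raise ValueError("basic header size %d exceeds ARJ limit" % basic_size)
    basic = buf[pos:pos + basic_size]
    pos += basic_size
    if len(basic) < FIRST_HDR_SIZE:
        raise ValueError("truncated basic header at offset %d" % pos)
    (stored_crc,) = struct.unpack_from("<I", buf, pos)
    pos += 4
    if _crc32(basic) != stored_crc:              # header tampering or corruption
        raise ValueError("basic header CRC mismatch")
    f = struct.unpack_from(FIXED, basic, 0)
    first_hdr_size = f[0]
    name_end = basic.index(b"\x00", first_hdr_size)     # filename, NUL-terminated
    comment_end = basic.index(b"\x00", name_end + 1)    # comment, NUL-terminated
    while True:                                  # extended headers; size 0 ends the chain
        (ext_size,) = struct.unpack_from("<H", buf, pos)
        pos += 2
        if ext_size == 0:
            break
        pos += ext_size + 4                      # body plus its own CRC32
    hdr = {"name": basic[first_hdr_size:name_end].decode("latin-1"),
           "comment": basic[name_end + 1:comment_end].decode("latin-1"),
           "host_os": f[3], "flags": f[4], "method": f[5], "file_type": f[6],
           "comp_size": f[9], "orig_size": f[10], "crc": f[11]}
    return hdr, pos


def walk(buf):
    """Return (main_header, [member headers]) for an in-memory ARJ archive;
    each member carries data_offset so a stored member can be carved."""
    main, pos = _read_header(buf, 0)
    if main is None or main["file_type"] != 2:   # file type 2 = main (comment) header
        raise ValueError("missing ARJ main header")
    members = []
    while True:
        hdr, pos = _read_header(buf, pos)
        if hdr is None:
            break
        hdr["data_offset"] = pos
        pos += hdr["comp_size"]                  # skip this member's data
        members.append(hdr)
    return main, members


def carve_stored(buf, member):
    """Return a stored (method 0) member's bytes after checking size and CRC32."""
    if member["method"] != 0:
        raise ValueError("%r uses %s; only stored members are carved"
                         % (member["name"], METHODS.get(member["method"], "?")))
    data = buf[member["data_offset"]:member["data_offset"] + member["comp_size"]]
    if len(data) != member["orig_size"] or _crc32(data) != member["crc"]:
        raise ValueError("member %r fails size/CRC check" % member["name"])
    return data


def describe(members):
    """One triage line per member: name, method, sizes, stored CRC32."""
    return ["%s  %s  %d -> %d bytes  crc32=%08x" %
            (m["name"], METHODS.get(m["method"], "method %d" % m["method"]),
             m["comp_size"], m["orig_size"], m["crc"]) for m in members]


# Constructed sample (assumption for this example): a placeholder MZ stub, not the real PE.
PAYLOAD = b"MZ" + b"\x00" * 62 + b"constructed placeholder, not a real PE"


def _basic_header(fields, name, comment=b""):
    basic = struct.pack(FIXED, *fields) + name + b"\x00" + comment + b"\x00"
    return (ARJ_MAGIC + struct.pack("<H", len(basic)) + basic
            + struct.pack("<I", _crc32(basic)) + struct.pack("<H", 0))


def build_sample_archive():
    """Main header, one stored member named like the sandbox's inner target, end marker."""
    main = _basic_header((FIRST_HDR_SIZE, 11, 1, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0),
                         b"Payment Advice.ARJ")
    member = _basic_header((FIRST_HDR_SIZE, 11, 1, 0, 0, 0, 0, 0, 0, len(PAYLOAD),
                            len(PAYLOAD), _crc32(PAYLOAD), 0, 0, 0, 0),
                           b"Payment Advice.exe")
    return main + member + PAYLOAD + ARJ_MAGIC + b"\x00\x00"


if __name__ == "__main__":
    archive = build_sample_archive()
    main_hdr, members = walk(archive)
    print("archive:", main_hdr["name"])
    for line in describe(members):
        print(" ", line)
    print("carved member starts with:", carve_stored(archive, members[0])[:2])
```

Running it lists the single stored member and carves it; a header or payload byte that has been altered fails the CRC check and raises instead of being silently listed, which is the behaviour you want from a pre-detonation triage step.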

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.wasstech.com
  • Port:
    587
  • Username:
    sahar.nassif@wasstech.com
  • Password:
    payment 12345
  • Email To:
    sahar.nassif@wasstech.com

Targets

    • Target

      Payment Advice.exe

    • Size

      64KB

    • MD5

      b6eb7b4e594a56b4863355c9a7f86b53

    • SHA1

      117f098e05ef647da17ea4182b77f99efd7b1b94

    • SHA256

      6293bc321e0d935cb697ff2d091446f6ff17b604c8720fe525f0ef3c38de8dbe

    • SHA512

      463248fab99aff86929190ce4e7197ccfd59a65e5fbe8c85236e12825a8851c9479c394bf6fc403aab36632607109a12d065451c662138b7b32a237c9a50511a

    • SSDEEP

      768:0AOAg9DjP3i6zmz4e2XX/40LO6dusn04ep:ZON9DjP3iC+Ja/40ymuL3p

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic .NET; it harvests saved credentials and keystrokes and, in this sample, sends them out over SMTP using the account listed in the Malware Config above.

    • Accesses Microsoft Outlook profiles

      Reads the Outlook profile store, where saved mail accounts and their credentials live; consistent with Agent Tesla's credential harvesting.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext on another thread, typically the main thread of a suspended child process, is how injected code is handed control (process hollowing); few legitimate programs need it.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Collection

    Email Collection, T1114 (1 signature)

Tasks