Overview

overview

10

Static

static

1

4c78821242...d1.exe

windows7-x64

10

4c78821242...d1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4c78821242f3d5ae0180a5b0239cfc94873f6680f66dfca8956f1d20e13bd3d1

  • Size

    290KB

  • Sample

    230207-be6dysbh9x

  • MD5

    a9ab51dfa1a6f5ab8228567f8436c953

  • SHA1

    126534775336fef803809a9cc76f7efa1b6f9124

  • SHA256

    4c78821242f3d5ae0180a5b0239cfc94873f6680f66dfca8956f1d20e13bd3d1

  • SHA512

    9fc3f8c5734672d510c56ba8a47d5d0e096bb61e34e9b3e6220bfeb07cef598003e8e40ec861c239de85210a119be71b3bb908da6ee8485100f337bc020e1aac

  • SSDEEP

    6144:alTB6K9zVcNWxbdC8Bmd6891RxdEnbs+tE:cTQ85xbIUe6KJEng+y

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     ftp
  • Host:
    ftp://ftp.mgcpakistan.com/
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    boygirl123456

Targets

    • Target

      4c78821242f3d5ae0180a5b0239cfc94873f6680f66dfca8956f1d20e13bd3d1

    • Size

      290KB

    • MD5

      a9ab51dfa1a6f5ab8228567f8436c953

    • SHA1

      126534775336fef803809a9cc76f7efa1b6f9124

    • SHA256

      4c78821242f3d5ae0180a5b0239cfc94873f6680f66dfca8956f1d20e13bd3d1

    • SHA512

      9fc3f8c5734672d510c56ba8a47d5d0e096bb61e34e9b3e6220bfeb07cef598003e8e40ec861c239de85210a119be71b3bb908da6ee8485100f337bc020e1aac

    • SSDEEP

      6144:alTB6K9zVcNWxbdC8Bmd6891RxdEnbs+tE:cTQ85xbIUe6KJEng+y

    Score
    10/10
    agentteslakeyloggerspywarestealertrojancollection

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks