Overview

overview

10

Static

static

1

3c455abc34...10.exe

windows7-x64

10

3c455abc34...10.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3c455abc346654cecc4d49a9eb53b0f0153e3c898da5df414fb681474b43ca10

  • Size

    1.0MB

  • Sample

    230207-bemlvagg68

  • MD5

    08639d5b37ad1a83df774a4853183191

  • SHA1

    9e132f71f1c00e11ff35bde5bf1d94a075be1690

  • SHA256

    3c455abc346654cecc4d49a9eb53b0f0153e3c898da5df414fb681474b43ca10

  • SHA512

    d6b59cadf34db7b4eee7be6328349362237f5f5d0648206b87d366a7bfa34b60eb2e12f8c771d1e8b9320f5dde9ab19cc33d10af5f671a43a33cef1a8f83ed4a

  • SSDEEP

    12288:TmXwOIN2eF0Djb6yuh1UxCi2Z3nCCEMTagVwE48IQyMLTJwiqARR7qNM/OjjCV9d:J2z/Oy4sDMyojMQZJwiqwR4OOHC/m7u

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     ftp
  • Host:
    ftp://ftp.mgcpakistan.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    boygirl123456

Targets

    • Target

      3c455abc346654cecc4d49a9eb53b0f0153e3c898da5df414fb681474b43ca10

    • Size

      1.0MB

    • MD5

      08639d5b37ad1a83df774a4853183191

    • SHA1

      9e132f71f1c00e11ff35bde5bf1d94a075be1690

    • SHA256

      3c455abc346654cecc4d49a9eb53b0f0153e3c898da5df414fb681474b43ca10

    • SHA512

      d6b59cadf34db7b4eee7be6328349362237f5f5d0648206b87d366a7bfa34b60eb2e12f8c771d1e8b9320f5dde9ab19cc33d10af5f671a43a33cef1a8f83ed4a

    • SSDEEP

      12288:TmXwOIN2eF0Djb6yuh1UxCi2Z3nCCEMTagVwE48IQyMLTJwiqARR7qNM/OjjCV9d:J2z/Oy4sDMyojMQZJwiqwR4OOHC/m7u

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks