General

  • Target

    New inquiry - Qingdao Wisdom International Supply Chain Management Co Ltd.zip

  • Size

    716KB

  • Sample

    230327-qfhrlsde74

  • MD5

    7dd476ba7d03114a991c49cefec1f35d

  • SHA1

    b882516e17fbc7e1cbb92e1a9a33fe45e07b3270

  • SHA256

    df2a750f5f59f60f4c19761ded5aea7cd18fdc31fe19fc8393af535c18179110

  • SHA512

    b6c17b1eb9a3c7eea687310cf5a84c5639393c845a21351407818fa53c5b57c19419b9493593b035f73534287eecd668935ffa9f5fa7a165b0000e02343e0990

  • SSDEEP

    12288:+lF3vxFTxs+yECaHdncsGJeNc4/P1OPGzDB8ceuA6RXlAHR8VMXAlPirlScllBNe:MF/xFiE7ncsGJ+P1SGzScdA6RVAHR8V7

Malware Config

Extracted

  • Family

    agenttesla

Credentials

  • Protocol: smtp
  • Host: us2.smtp.mailhostbox.com
  • Port: 587
  • Username: vmeee@kopamarine.xyz
  • Password: LC%UjBd1badmanSacr@@
  • Email To: vmeee@kopamarine.xyz

Targets

    • Target

      New inquiry - Qingdao Wisdom International Supply Chain Management Co Ltd.exe

    • Size

      794KB

    • MD5

      71cf68e20364b584bb08ea08f2d64b9b

    • SHA1

      60402cf86e50c425e4852ee761c2d7650e76ba56

    • SHA256

      920961f43c4590704b068fb3bd274325c966908e805f7994522ce173e7e4c0ec

    • SHA512

      028d3267066b3da3e8f51fe957e2d6e2a9c71e7d713460e1831f1e3b1f18093d52e1155059aa8e65dc6c8ff8e70077c910d711f1a6222d3f0717130de124392a

    • SSDEEP

      24576:WA5xZDunGsiJgD1iYpOe7A6R90HRYVuAMVn:H57unGsi61iYnMVn

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 3

  • Collection

    Data from Local System (T1005): 3

    Email Collection (T1114): 1
