General

  • Target

    0dc62cfaa97d8e6e5b4b31770c78f47f.bin

  • Size

    1.1MB

  • Sample

    230328-bgjyqsaa4x

  • MD5

    33455741cc2f959c2afea47db971d97d

  • SHA1

    2230b29b10499428ff0eb7dd51dc92ba83f3ac19

  • SHA256

    037b979fdcd8a1c1b556841e302366ca9a5d567cbf2f9d6780cd4f9ce45bcbbb

  • SHA512

    aae817b07862b771f1ad9381cb8a3d7fa50cf3c65706656c67c51086448bde5bb3a87a70345fce6751da8637b122d2997aebb5671bdb97d12591fa4d3681584c

  • SSDEEP

    24576:zvh1WhaaEn012lewYipHG2BBRnCW7ZlKEVeEYmwqfe+g:zyaJ08ewYs37Gjr/H

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    cp5ua.hyperhost.ua
  • Port:
    587
  • Username:
    arnoldlog@steuler-kch.org
  • Password:
    7213575aceACE@#$
  • Email To:
    arnold@steuler-kch.org

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    cp5ua.hyperhost.ua
  • Port:
    587
  • Username:
    arnoldlog@steuler-kch.org
  • Password:
    7213575aceACE@#$

Targets

    • Target

      cf2168940995549a47e170ff65e038af63a8217526c9dd292eed8f98957750bb.exe

    • Size

      1.2MB

    • MD5

      0dc62cfaa97d8e6e5b4b31770c78f47f

    • SHA1

      7bceac1bbb293d269091fb13fe086aa7af5f1966

    • SHA256

      cf2168940995549a47e170ff65e038af63a8217526c9dd292eed8f98957750bb

    • SHA512

      b1e168461dc6e1b5acb9b8cea9f1e70711ccf1ed71194e9c79d19da6dc65c4c88dea942e9a99589f90e33dabd2256bc07981b9c5a8004ed1212cf0dbde3cf1ad

    • SSDEEP

      24576:Q+vs6wgvlq0W188h4b3suhmaYwihwQwmX8zWTHF6VeZbCIXK8P5dEda5JM:Q+ExOzM4b8zwi6Q5fWexCIthdE

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Credential Access

    Credentials in Files (3) T1081

  • Collection

    Data from Local System (3) T1005

    Email Collection (1) T1114
