General

  • Target

    ba8fe3fdbbd12dbb483157149456abe8.bin

  • Size

    800KB

  • Sample

    230328-cq7ltsge39

  • MD5

    42c82ff44dc23cdbf1e9f77727043a4a

  • SHA1

    267e8a650e3c83ff536a00b81e8babe7130a5473

  • SHA256

    3025f0d98d7a83f68517bf42792fd435f4c2d9c7e28c87f898f8c42aa197a326

  • SHA512

    0a807c1149c0145312fe092331547286b1780c6c17d9577e098fc5ccfa72b226bfa4b1a34fd41876c4d97f093a3ab5cf9f612cfd010982d7c086ed5ac6f8e0d2

  • SSDEEP

    12288:HvUcC/CRyFEWDz+dqCe2OV9i9qPdLXWo0tk/X30qkINLGZaoXitK5EtG6i+bctmp:E/CQFzElu0oP6tsAIHQitcL6i3tG

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    cp5ua.hyperhost.ua
  • Port:
    587
  • Username:
    arnoldlog@steuler-kch.org
  • Password:
    7213575aceACE@#$
  • Email To:
    arnold@steuler-kch.org

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    cp5ua.hyperhost.ua
  • Port:
    587
  • Username:
    arnoldlog@steuler-kch.org
  • Password:
    7213575aceACE@#$
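The extracted configuration above describes a concrete exfiltration channel: an authenticated SMTP session to cp5ua.hyperhost.ua on port 587, logging in as arnoldlog@steuler-kch.org and delivering harvested data to arnold@steuler-kch.org. The following added example (not part of the sandbox report or of the malware) turns that config into network indicators and runs them over Zeek-style dns, conn and smtp records. The log records, connection UIDs, IP addresses and timestamps are all constructed for the illustration and do not come from the sample's execution.

```python
import json
from dataclasses import dataclass

# Indicators taken from the AgentTesla config extracted on this page.
C2 = {
    "host": "cp5ua.hyperhost.ua",
    "port": 587,
    "username": "arnoldlog@steuler-kch.org",
    "email_to": "arnold@steuler-kch.org",
}

# Constructed Zeek-style JSON log records (one per line). UIDs, IPs and
# timestamps are invented; only the C2 host, port and addresses are real IOCs.
SAMPLE_LOGS = """\
{"_path":"dns","ts":1679990001.1,"id.orig_h":"10.0.0.25","query":"cp5ua.hyperhost.ua","answers":["203.0.113.7"]}
{"_path":"conn","ts":1679990001.3,"uid":"CAbc1","id.orig_h":"10.0.0.25","id.resp_h":"203.0.113.7","id.resp_p":587,"proto":"tcp","service":"smtp"}
{"_path":"smtp","ts":1679990001.5,"uid":"CAbc1","id.orig_h":"10.0.0.25","mailfrom":"arnoldlog@steuler-kch.org","rcptto":["arnold@steuler-kch.org"]}
{"_path":"conn","ts":1679990002.0,"uid":"CAbc2","id.orig_h":"10.0.0.40","id.resp_h":"198.51.100.9","id.resp_p":587,"proto":"tcp","service":"smtp"}
{"_path":"smtp","ts":1679990002.2,"uid":"CAbc2","id.orig_h":"10.0.0.40","mailfrom":"alice@example.com","rcptto":["bob@example.com"]}
{"_path":"conn","ts":1679990003.0,"uid":"CAbc3","id.orig_h":"10.0.0.77","id.resp_h":"203.0.113.7","id.resp_p":443,"proto":"tcp","service":"ssl"}
"""


@dataclass
class Alert:
    kind: str      # "c2_smtp_connection" or "c2_exfil_mail"
    uid: str       # Zeek connection UID the alert is tied to
    orig_h: str    # internal host that produced the traffic
    detail: str


def parse_records(text):
    """Parse newline-delimited JSON log records into dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def resolved_c2_ips(records, c2=C2):
    """Collect every address the C2 hostname resolved to in the dns log."""
    ips = set()
    for r in records:
        if r.get("_path") == "dns" and (r.get("query") or "").lower() == c2["host"]:
            ips.update(r.get("answers", []))
    return ips


def detect(records, c2=C2):
    """Flag connections to the C2 SMTP endpoint and mail matching the exfil account."""
    ips = resolved_c2_ips(records, c2)
    alerts = []
    for r in records:
        path = r.get("_path")
        if path == "conn" and r.get("id.resp_p") == c2["port"] and r.get("id.resp_h") in ips:
            alerts.append(Alert("c2_smtp_connection", r["uid"], r["id.orig_h"],
                                f'{r["id.resp_h"]}:{r["id.resp_p"]} resolved from {c2["host"]}'))
        elif path == "smtp":
            mailfrom = (r.get("mailfrom") or "").lower()
            rcpts = {x.lower() for x in r.get("rcptto", [])}
            # Either the sender or the recipient from the config is enough: the
            # operator may rotate the login but keep the drop mailbox, or vice versa.
            if mailfrom == c2["username"] or c2["email_to"] in rcpts:
                alerts.append(Alert("c2_exfil_mail", r["uid"], r["id.orig_h"],
                                    f"mailfrom={mailfrom} rcptto={sorted(rcpts)}"))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_records(SAMPLE_LOGS)):
        print(alert)
```

The DNS-to-IP join matters because the hostname is a shared-hosting mail server: blocking or alerting on the IP alone would also catch unrelated tenants, while the envelope check only fires when Zeek can see the SMTP commands. If the stealer negotiates STARTTLS on 587, the smtp log carries at most the pre-TLS exchange, so the dns and conn indicators are the ones to rely on; the mailbox owner should also be reported to the hosting provider, since the sample's credentials belong to a third-party domain.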

Targets

    • Target

      e3928bbb3f5c9d07d47db48ba6c4325b663894e15019a220bacee24653b4c4f5.exe

    • Size

      977KB

    • MD5

      ba8fe3fdbbd12dbb483157149456abe8

    • SHA1

      ded7c22a7cfd7826a8172ae5401576173aba976b

    • SHA256

      e3928bbb3f5c9d07d47db48ba6c4325b663894e15019a220bacee24653b4c4f5

    • SHA512

      ea06011347332fa0d609a36b575f4b2046267c8be05cce2cee2a0282607f58edcf6971477fbded0b9db38c9a986b3913c2c4ed056d97ad83b5c32f052172444e

    • SSDEEP

      24576:AL242pyeFMoyiuvLMELLlYF3kuvj+YJmtt6uF:ALlHoyiGLlePvj+Y8tt6

    • AgentTesla

      Agent Tesla is a .NET-based information stealer and remote access tool (RAT); its early versions were written in Visual Basic .NET. It harvests stored credentials from browsers, email and FTP clients (plus keystrokes and clipboard contents) and exfiltrates them over SMTP, FTP or HTTP, which is the channel the extracted SMTP config above describes.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla (for example sitemanager.xml and recentservers.xml under %APPDATA%\FileZilla), which store saved FTP logins.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

      Outlook account settings, including stored mailbox passwords, live under the user's Outlook profile keys in the registry and are a standard infostealer target.

    • Suspicious use of SetThreadContext

      SetThreadContext on another process's thread is characteristic of process hollowing: the loader starts a legitimate process suspended, replaces its image with the payload, points the thread's instruction pointer at the new entry point and resumes it. This is why the sandbox reports a 977KB .exe as the target while the analysed artifact is an 800KB .bin.
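The "Reads data files stored by FTP clients" behaviour above exists because FileZilla stores site credentials in a recoverable form unless a master password is set. The following added example (not part of the report, and not the stealer's code) is a defensive audit of a FileZilla 3 sitemanager.xml: it classifies each saved site by how its password is stored without printing or returning the secret itself. The XML below is constructed; the hosts, users and the base64 value are invented.

```python
import base64
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sitemanager.xml in the FileZilla 3 layout (normally found at
# %APPDATA%\FileZilla\sitemanager.xml; recentservers.xml uses the same elements).
SAMPLE_SITEMANAGER = """\
<FileZilla3 version="3.60.0" platform="windows">
  <Servers>
    <Server>
      <Host>ftp.example.com</Host><Port>21</Port><Protocol>0</Protocol>
      <User>deploy</User>
      <Pass encoding="base64">aHVudGVyMg==</Pass>
      <Name>Production</Name>
    </Server>
    <Server>
      <Host>legacy.example.com</Host><Port>21</Port><Protocol>0</Protocol>
      <User>webmaster</User>
      <Pass>plaintext-from-old-version</Pass>
      <Name>Legacy</Name>
    </Server>
    <Server>
      <Host>sftp.example.com</Host><Port>22</Port><Protocol>1</Protocol>
      <User>ci</User>
      <Pass encoding="crypt" salt="c29tZXNhbHQ=">b3BhcXVl</Pass>
      <Name>Staging</Name>
    </Server>
    <Server>
      <Host>mirror.example.com</Host><Port>21</Port><Protocol>0</Protocol>
      <User>anonymous</User>
      <Name>Mirror</Name>
    </Server>
  </Servers>
</FileZilla3>
"""


@dataclass
class SiteFinding:
    name: str
    host: str
    user: str
    storage: str  # "recoverable", "master-password", "malformed" or "none"


def classify_pass(pass_el):
    """Classify a <Pass> element by how recoverable its contents are."""
    if pass_el is None or not (pass_el.text or "").strip():
        return "none"
    encoding = pass_el.get("encoding", "")
    if encoding == "crypt":
        # Encrypted with a key derived from the user's master password.
        return "master-password"
    if encoding == "base64":
        try:
            base64.b64decode(pass_el.text.strip(), validate=True)
        except ValueError:
            return "malformed"
        return "recoverable"
    # Legacy FileZilla versions wrote the password with no encoding attribute.
    return "recoverable"


def audit_sitemanager(xml_text):
    """Return one finding per saved site; never returns the password itself."""
    root = ET.fromstring(xml_text)
    findings = []
    for server in root.iter("Server"):
        findings.append(SiteFinding(
            name=(server.findtext("Name") or "").strip(),
            host=(server.findtext("Host") or "").strip(),
            user=(server.findtext("User") or "").strip(),
            storage=classify_pass(server.find("Pass")),
        ))
    return findings


def recoverable_sites(xml_text):
    """Sites whose credentials an infostealer could read straight off disk."""
    return [f for f in audit_sitemanager(xml_text) if f.storage == "recoverable"]


if __name__ == "__main__":
    for finding in audit_sitemanager(SAMPLE_SITEMANAGER):
        print(f"{finding.name:12} {finding.user}@{finding.host}: {finding.storage}")
```

Anything reported as "recoverable" on a host that ran this sample should be treated as compromised and rotated; base64 is an encoding, not protection, and the stealer needs no more than the same XML parse to obtain the value. Enabling FileZilla's master password moves entries to the "crypt" form, which at least forces the attacker to capture the master password separately.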

MITRE ATT&CK Matrix (ATT&CK v6; the number after each technique is the count of matching signatures)

  • Credential Access

    Credentials in Files (T1081): 3

  • Collection

    Data from Local System (T1005): 3

    Email Collection (T1114): 1

T1081 was deprecated in later ATT&CK releases; in current versions the same behaviour maps to T1552.001 (Unsecured Credentials: Credentials In Files).

Tasks