General

  • Target

    5d8586ba0e3d96a8319b0670301eee02.bin

  • Size

    556KB

  • Sample

    230401-bxn8dsfa76

  • MD5

    0e0db86350afed601261bd0fa5e03190

  • SHA1

    eb7339dfd49d028dd85cb69b5313d02f9e35a4ba

  • SHA256

    1f199bbf8f7c54db37e38565ec8cf165404538041a866ff69e71740ed15c690f

  • SHA512

    d33ade7994ac9ef71294ff40fdb12ed7899cde7ca48888396940e0843f2eb1041a85173297db551c19c5721560df29b177b8e4b7ee94b5b6e827a36783bd1e57

  • SSDEEP

    12288:T9sUS4E5MKOklIZxSmzpXYk8erjKheuY3t/qKUQy7:T9sU/Ixup5jKyBKt7

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    omananilampard1@yandex.com
  • Password:
    qbkcioyfoxstxqax
  • Email To:
    omananilampard1@yandex.com
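
The extracted config above gives three network indicators worth turning into a detection: the exfil mail server (smtp.yandex.com:587), the account the stealer authenticates as, and the mailbox it sends stolen data to. The block below is an added example, not part of the sandbox report or of the Agent Tesla sample; it decodes SMTP AUTH LOGIN / AUTH PLAIN exchanges from a client-side transcript and flags sessions that match those indicators. The two transcripts it runs on are constructed here for illustration (the password line is a placeholder), and one caveat applies to real traffic: port 587 normally negotiates STARTTLS before AUTH, so on the wire the credentials are usually encrypted and the host/port match is the part you can rely on from a network sensor; the AUTH decoding is useful where a sandbox or TLS-inspecting proxy hands you the plaintext.

```python
import base64
import re

# Indicators from the Agent Tesla config extracted from this sample.
EXFIL_HOST = "smtp.yandex.com"
EXFIL_PORT = 587
EXFIL_ACCOUNTS = {"omananilampard1@yandex.com"}


def _b64(text):
    """Decode one base64 token; return None if it is not valid base64."""
    try:
        return base64.b64decode(text.strip(), validate=True).decode("utf-8", "replace")
    except (ValueError, UnicodeDecodeError):
        return None


def smtp_auth_users(client_lines):
    """Extract usernames from AUTH PLAIN / AUTH LOGIN exchanges sent in the clear."""
    users = []
    for idx, line in enumerate(client_lines):
        m = re.match(r"AUTH\s+(PLAIN|LOGIN)(?:\s+(\S+))?\s*$", line, re.I)
        if not m:
            continue
        mech, inline = m.group(1).upper(), m.group(2)
        # The credential token is either inline or the client's next line (after the 334 prompt).
        nxt = client_lines[idx + 1] if idx + 1 < len(client_lines) else ""
        dec = _b64(inline if inline else nxt)
        if dec is None:
            continue
        if mech == "PLAIN":
            # RFC 4616 layout: authzid NUL authcid NUL password
            parts = dec.split("\x00")
            if len(parts) == 3:
                users.append(parts[1])
        else:
            # LOGIN: the first base64 token is the username, the second the password.
            users.append(dec)
    return users


def assess_session(transcript, dst_host, dst_port):
    """Score a plaintext SMTP session transcript ("C: "/"S: " prefixed lines) against the config."""
    client = [l[3:] for l in transcript.splitlines() if l.startswith("C: ")]
    users = smtp_auth_users(client)
    rcpts = re.findall(r"RCPT TO:<([^>]+)>", "\n".join(client), re.I)
    return {
        "auth_users": users,
        "rcpt_to": rcpts,
        "exfil_server": dst_host.lower() == EXFIL_HOST and dst_port == EXFIL_PORT,
        "exfil_account": bool(EXFIL_ACCOUNTS & (set(users) | set(rcpts))),
    }


def _b64e(s):
    return base64.b64encode(s.encode()).decode()


# Constructed transcript (not from the sandbox run): AUTH LOGIN without STARTTLS.
SAMPLE_LOGIN = "\n".join([
    "S: 220 smtp.yandex.com ESMTP",
    "C: EHLO DESKTOP-PC",
    "S: 250 AUTH LOGIN PLAIN",
    "C: AUTH LOGIN",
    "S: 334 VXNlcm5hbWU6",
    "C: " + _b64e("omananilampard1@yandex.com"),
    "S: 334 UGFzc3dvcmQ6",
    "C: " + _b64e("<password placeholder>"),
    "S: 235 2.7.0 Authentication successful",
    "C: MAIL FROM:<omananilampard1@yandex.com>",
    "C: RCPT TO:<omananilampard1@yandex.com>",
])

# Constructed benign session: AUTH PLAIN to the same provider from an unrelated account.
SAMPLE_BENIGN = "\n".join([
    "C: EHLO laptop",
    "C: AUTH PLAIN " + _b64e("\x00alice@example.com\x00hunter2"),
    "C: RCPT TO:<bob@example.com>",
])

if __name__ == "__main__":
    for name, sess in (("agenttesla", SAMPLE_LOGIN), ("benign", SAMPLE_BENIGN)):
        print(name, assess_session(sess, "smtp.yandex.com", 587))
```

The benign session still sets `exfil_server`, because any client on the network may legitimately use smtp.yandex.com; the high-confidence signal is `exfil_account`, and the host/port match is best used as a pivot (which endpoints talked to that server at 587 from a process that is not a mail client).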

Targets

    • Target

      4cd98fb6668986620818ee269211c338c653064350b2a319a25ea9ba48110050.exe

    • Size

      680KB

    • MD5

      5d8586ba0e3d96a8319b0670301eee02

    • SHA1

      0c1bc52f55e3b35ef78197f42f32a6592a89217c

    • SHA256

      4cd98fb6668986620818ee269211c338c653064350b2a319a25ea9ba48110050

    • SHA512

      e485ddebd05747743d4ee9556fb185731c8ce465dc57a57ff082574fc3b4d7779e315957f906b19bc3f90c9c5a4a7619ec2506ee245b87d41ca55d3140d16f06

    • SSDEEP

      12288:oeJ/sImihh+XJjR6ZiPUpEwCb+RImoQO7FZYisnSCKOQJAtimOMt+EM:tOJjQQFb+e1Bei9CKOQJAimXl

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; this sample exfiltrates over SMTP using the credentials extracted above.

    • Reads user/profile data of local email clients

      Email clients store account settings and cached credentials on disk, which infostealers commonly read.

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser data, which can include saved credentials and other secrets.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    T1081 Credentials in Files (2)

  • Collection

    T1005 Data from Local System (2)

    T1114 Email Collection (1)

Tasks