Overview

overview

10

Static

static

1

DOOR_MET.exe

windows7-x64

10

DOOR_MET.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DOOR-MET_23045112.IMG

  • Size

    1.2MB

  • Sample

    230403-jb8c5sdd63

  • MD5

    769c9f1f9b4f23af5c7bc26565286b90

  • SHA1

    6be5b7a4583d7fe6eb8b8eb36e38f2c0ff8d4fff

  • SHA256

    001b3f8bef7bf2f4710c9355dcd6cbf537d6266f1cbc406ffc954a4485676e99

  • SHA512

    ff57873f725698cb99f1c93b48865a4684c50bcb988b1653d11c9581d1eb3d30356efad043297ec2e710b19cd3670c35017e2cdf59f235224f3fa4c959148150

  • SSDEEP

    12288:r6okzy/q4JM4Q2lQfzwcIDNEkxtdBo0hoay47DKWMH29yoNSDA:/ku/6gQMc6uqhrqW/N

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     ftp
  • Host:
    ftp://ftp.navetesilazi.ro
  • Port:
    21
  • Username:
    FTPAdmin@navetesilazi.ro
  • Password:
    sq@s8jK.EAlTz{3EfP%b3kc4@gxAuDMO]-jKJ+CcP&U;d{f4thp)[y_^[!$Y

Targets

    • Target

      DOOR_MET.EXE

    • Size

      658KB

    • MD5

      f4a6d37fefe83f89c2f6b1f253bb9c2c

    • SHA1

      58ac04dfcc1f0bbf7c41181102f9371a67cda336

    • SHA256

      788e583861d0022304a8013dcf66be0e312402d6154f5a7788f1d67518583c7e

    • SHA512

      37f6a03d1356aa442ddc61c230549282fa5f5ce8d3aac4792e26cbbb51f75090b0ab8a0e9139304ee6b89530662cf2ee24033573b80f8b81a27fbcf6ee220e0f

    • SSDEEP

      12288:q6okzy/q4JM4Q2lQfzwcIDNEkxtdBo0hoay47DKWMH29yoNSDA:Sku/6gQMc6uqhrqW/N

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks