Overview

overview

10

Static

static

3

teambzx.exe

windows7-x64

10

teambzx.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    teambzx.exe

  • Size

    732KB

  • Sample

    230609-vkq11acf96

  • MD5

    336375e930359420ca9be2882d881df5

  • SHA1

    e9aaf7533a4a88feeb820ca0f2001def95987483

  • SHA256

    062091e8dfcd454183cd27936fc78e170a8e52fd7229321ec40e912825e22684

  • SHA512

    2326d30d66b3ed62378078be4115d75eb6f56cc5eb7bed95555d2ab7573c30ca227f7dd311996af54cc09d0a6364be06733b99eff4d7494851818e641fde1b4b

  • SSDEEP

    12288:I/PWR28Le0cY+Yg9fb9WshiQMJrJqxO61iUQTmJTCj15USGQ/5HDIi:IH+xL9Rk9ciMZmiUdlS5Bj9DI

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.grad-vodice.hr
  • Port:
    587
  • Username:
    marija.bilac@grad-vodice.hr
  • Password:
    pKs9zy8Nn1
  • Email To:
    triangleshpk@skiff.com

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.grad-vodice.hr
  • Port:
    587
  • Username:
    marija.bilac@grad-vodice.hr
  • Password:
    pKs9zy8Nn1

Targets

    • Target

      teambzx.exe

    • Size

      732KB

    • MD5

      336375e930359420ca9be2882d881df5

    • SHA1

      e9aaf7533a4a88feeb820ca0f2001def95987483

    • SHA256

      062091e8dfcd454183cd27936fc78e170a8e52fd7229321ec40e912825e22684

    • SHA512

      2326d30d66b3ed62378078be4115d75eb6f56cc5eb7bed95555d2ab7573c30ca227f7dd311996af54cc09d0a6364be06733b99eff4d7494851818e641fde1b4b

    • SSDEEP

      12288:I/PWR28Le0cY+Yg9fb9WshiQMJrJqxO61iUQTmJTCj15USGQ/5HDIi:IH+xL9Rk9ciMZmiUdlS5Bj9DI

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks