General

  • Target

    3f44e6cb225efe5b640353f568a99acd.bin

  • Size

    113KB

  • Sample

    230611-bm22hagh9s

  • MD5

    07fd1895eb1679235ab2ea759892e831

  • SHA1

    3e7b38494b3629682cfd2a69b29a9a2361765208

  • SHA256

    84364ef2e3f73de1d6837bdc0983de070093669d4f9b116c6334960b99309b3e

  • SHA512

    a27ef05a1e3767efc767812e805167426f8fbd5220be99bcbeb67ce033fa053a907d36b8d107312a1fe36d03d0c888a12fc1303a4efa33b463e7ee5db2d83039

  • SSDEEP

    3072:kFXHFZ7Pg4lzYEflo8XS5epdJV5Sv7cHuXIqw/98qE7T/QK:M3F5/B7doB2bcI9l8Jd

Malware Config

Extracted

Family

agenttesla

Credentials

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    webmail.trevor22photography.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Arsenal22@

Targets

    • Target

      1214fcf60b88a08f596efec828f1ea8744b30aa6ff141c8a98f45dc6b2a51658.exe

    • Size

      137KB

    • MD5

      3f44e6cb225efe5b640353f568a99acd

    • SHA1

      89bbcdf4a0c1d210a656b007ae3c754367ba3bc1

    • SHA256

      1214fcf60b88a08f596efec828f1ea8744b30aa6ff141c8a98f45dc6b2a51658

    • SHA512

      7765f7e653c55e4d8034df89dd7584fc787572e3e7d5a38fd5744f95b435598707e26feedb7a0a8d9fd48404598cd7857d52bcfed1b57434acd6bc5428accd7c

    • SSDEEP

      3072:duxPI6JmMvHaXQtMJo+rEG7mAeedlZk52/Id4r85fwH:dgSQcoHG7R9Id4c4

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks