Overview

overview

10

Static

static

1

4de0c431cb...a5.exe

windows7-x64

10

4de0c431cb...a5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bc813828d08b596681681296a9e17eb6.bin

  • Size

    672KB

  • Sample

    240327-enlyfscd22

  • MD5

    8fd6a9dad24785c6a0aaf9bf2af7a969

  • SHA1

    69832f38a9cd56824c6d9e28cefc6e583586c707

  • SHA256

    f9c1e5fdb85cde83b31fd3777cc1246283b4a942164aa465366c088e0187e1b7

  • SHA512

    d0c60e1a3f406904ca387368ad5de94e80e290f197eff85417226580b62680cc98d8d2dba01e40321b439724b0ae252fc9192d098b924098935a1a81adbcd84c

  • SSDEEP

    12288:JBAYMZRaLX/8H29P32bt8SayttS8xMc2OGz+XyTBuJ9hvW8SQbZQAf0p:JK6X/8HLlfgyXPrxW8S6ZQAf0p

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.thanhancompony.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    aSkIhV^3

Targets

    • Target

      4de0c431cb9805cb419d42e5f3630a74393ed10409bf0e6d3d65c7b95e380aa5.exe

    • Size

      727KB

    • MD5

      bc813828d08b596681681296a9e17eb6

    • SHA1

      245133d9baef52591ff6ec3f310b729eceaf47fd

    • SHA256

      4de0c431cb9805cb419d42e5f3630a74393ed10409bf0e6d3d65c7b95e380aa5

    • SHA512

      2081dc57e4c629c2cbf1483d44b97a191b89775a9ae6c7b19e3b800f28c7707d0785fceb0d307c85c96652d85836ed0adf713ce3600e96b1c4952eaacad2beee

    • SSDEEP

      12288:/14CMwLXXZLdbHDQThYmKwN8B5vKgVTnuRz+yd3qwabuyHHePcQgoeVMAskR:fXXZGu9vKgVTuRCylqwn7PVgfVX

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

4
T1552

Credentials In Files

3
T1552.001

Credentials in Registry

1
T1552.002

Discovery

Lateral Movement

Collection

Data from Local System

4
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks