Overview

overview

10

Static

static

3

Nuevo orde...__.exe

windows7-x64

10

Nuevo orde...__.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    330c19bd8fdfb8621ff95cf274236836_JaffaCakes118

  • Size

    565KB

  • Sample

    240330-ejtshahb39

  • MD5

    330c19bd8fdfb8621ff95cf274236836

  • SHA1

    fed54431c94423fbf21a4f390e71e549364249b9

  • SHA256

    6c23023be3d1d5ae92d721094654c2ebf72a8403f731ecebc2c25394e95cabcc

  • SHA512

    578fcdbf4b8507ec76b1834534075b0ae17d63e5237d097e1ab02b4db37906311790b9d5493654c824a73cffa35ab75c2135e588e1d58c126f81e0df0e0c9a94

  • SSDEEP

    12288:2R3UQEKt3bPajpHsVbKDVb6vzW2Ex4fLcT2fpGBY6XCmme8s:DcLC1MjvryuBRGBNAs

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Nuevo orden.XLXs_____________________________________________.bat

    • Size

      60.0MB

    • MD5

      d1e9e03bf764b55a0c71a7a85e1d1b95

    • SHA1

      bc21fc57343b78445e5419b3395546b517a9b4e9

    • SHA256

      c58289fabfe22daf894ccf833f7c25d35d973c529611f7bdce3cc8853b4f2750

    • SHA512

      e5f180aaeacba6f3a7734bd711640df45d68cbef5273462ffc43b2387e100221a521463cd590ff2d7e6bc0226ea96a67febc17e4939c536bd4d5801ccc6b30f7

    • SSDEEP

      12288:TYPUi0+A93reuThEJtmKVKNZb5Zpi/PAoubxlpUYJihv:kPUiFwEJgNZb5ZAAfbZU8K

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks