Overview

overview

10

Static

static

3

001ffca363...75.exe

windows7-x64

10

001ffca363...75.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    001ffca363691bcb5c2399f7a5c74f6d89847a434452acb8a85d14cfe282ed75

  • Size

    856KB

  • Sample

    240523-cpyyasab7y

  • MD5

    18156d45f91dee4763da02f45787e93f

  • SHA1

    4aa631f7954ea890165f8aa36e940e3816918ccc

  • SHA256

    001ffca363691bcb5c2399f7a5c74f6d89847a434452acb8a85d14cfe282ed75

  • SHA512

    517df532657f6d90f13b4d13dddf7a4cebff778aedac4f300e5d39299319a9e0acb96ad915e99ceb6d4e4e38470d8b9bae0303bfb82aec4991c7dbb8463da9d5

  • SSDEEP

    24576:Ew4bjw4bg+ThqDHhCeVAVDsxTqIoseCC7BMMMDMMM:Ew4bjw4bNhYHhBVAVVsFUBMMMDMMM

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6801674292:AAGHV57gdzpsfUBrgXSTVMYSxSDCCh9LBiQ/

Targets

    • Target

      001ffca363691bcb5c2399f7a5c74f6d89847a434452acb8a85d14cfe282ed75

    • Size

      856KB

    • MD5

      18156d45f91dee4763da02f45787e93f

    • SHA1

      4aa631f7954ea890165f8aa36e940e3816918ccc

    • SHA256

      001ffca363691bcb5c2399f7a5c74f6d89847a434452acb8a85d14cfe282ed75

    • SHA512

      517df532657f6d90f13b4d13dddf7a4cebff778aedac4f300e5d39299319a9e0acb96ad915e99ceb6d4e4e38470d8b9bae0303bfb82aec4991c7dbb8463da9d5

    • SSDEEP

      24576:Ew4bjw4bg+ThqDHhCeVAVDsxTqIoseCC7BMMMDMMM:Ew4bjw4bNhYHhBVAVVsFUBMMMDMMM

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

4
T1552

Credentials In Files

3
T1552.001

Credentials in Registry

1
T1552.002

Discovery

Lateral Movement

Collection

Data from Local System

4
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks