Overview

overview

10

Static

static

10

e426067169...5f.exe

windows7-x64

10

e426067169...5f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e4260671694c69b19811fd7c581ad17ebd15f5946409752a7dc12e2544acbc5f

  • Size

    235KB

  • Sample

    240829-mtaflszakr

  • MD5

    ebb338fc98f9397e7c1f1526ddc7764c

  • SHA1

    4e55acef885627435afd5fcadd676acab23764ae

  • SHA256

    e4260671694c69b19811fd7c581ad17ebd15f5946409752a7dc12e2544acbc5f

  • SHA512

    868f8ad6288dbb42b82f35012ece47523d717e95a66271d391488cfecdc2c19d02e234ec58110f4e0151c00ed0ff4411b688b3a4a3b593ae791950475650ba84

  • SSDEEP

    3072:y6N1b7TjLrhKyApfqIqohCsOxBI25HJWGR2U:y0b7TjLrhKyApfqIvhDOxBI1Gs

Score
10/10
agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.navana-battery.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Test&123

Targets

    • Target

      e4260671694c69b19811fd7c581ad17ebd15f5946409752a7dc12e2544acbc5f

    • Size

      235KB

    • MD5

      ebb338fc98f9397e7c1f1526ddc7764c

    • SHA1

      4e55acef885627435afd5fcadd676acab23764ae

    • SHA256

      e4260671694c69b19811fd7c581ad17ebd15f5946409752a7dc12e2544acbc5f

    • SHA512

      868f8ad6288dbb42b82f35012ece47523d717e95a66271d391488cfecdc2c19d02e234ec58110f4e0151c00ed0ff4411b688b3a4a3b593ae791950475650ba84

    • SSDEEP

      3072:y6N1b7TjLrhKyApfqIqohCsOxBI25HJWGR2U:y0b7TjLrhKyApfqIvhDOxBI1Gs

    Score
    10/10
    agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks