Overview

overview

10

Static

static

3

2416408f0c...67.exe

windows7-x64

3

2416408f0c...67.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a8fab2b247f4850bfd0db73085cecaa8ffb10196727a808202a13b2c4ff39cc7

  • Size

    442KB

  • Sample

    240831-qyc9vawepk

  • MD5

    4e4d656bfbf29be55edbd8c02fc55137

  • SHA1

    8965758014ee0e4f53a6e04255a46d0e46fec947

  • SHA256

    a8fab2b247f4850bfd0db73085cecaa8ffb10196727a808202a13b2c4ff39cc7

  • SHA512

    7dea583df3aab464a4677987a5610914164f5326735a67026c128be04ff7b4997fbcbd2f49df31eee2afbb4831aeabf77b7c78a5fc7a5a53c6d50034ad0e63c9

  • SSDEEP

    12288:k4bHjW+GGwJyKPQpwupeUnz1dX4WWmy39R2:FfWS8yCVucUnf4lBG

Score
10/10
agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.tgxbd.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    &Pn1gy,6JKRC

Targets

    • Target

      2416408f0c44630a0a34198b1f0cfcc39433230236cf8ab3e09ceba77a749467

    • Size

      518KB

    • MD5

      8dc7a88cf0ff7c60f2b8b63140982ae2

    • SHA1

      5556bdde9767d411c94f46136a18434e1d0b33c0

    • SHA256

      2416408f0c44630a0a34198b1f0cfcc39433230236cf8ab3e09ceba77a749467

    • SHA512

      5e36248ec447eb6cba9080af198157c700c3e4f19693ebd1f97601db9809cb551b6cddcd9b766a0ec07c7479bf6c78529c1efbcc3c61c4a6a5cccc58bce99477

    • SSDEEP

      12288:OUi2iNaY8fs/3oizE28AVfR+4BW1wTiN3LpMHvpyC3O:OUi1Mn8oip7fA4SaALpMHv13O

    Score
    10/10
    discoveryagentteslacollectioncredential_accesskeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks