General

  • Target

    8195933d86c3d1c32779574cee331e37.zip

  • Size

    652KB

  • Sample

    240901-da9xpazdnc

  • MD5

    dac2e3f5ea2e47fb28992df959f415bd

  • SHA1

    3cc8e9eb540f4deba4d1291dbd0c04fb1796dbce

  • SHA256

    48943e7582ebed0191020b20057773b1f4a91d1abba8c30a6bf11cbde2fa7697

  • SHA512

    7a6bb27ae3b835904fbf7bb756897af56461977ffab9e7e44646d440bee5ec8db832292949086a6ec94d3041bac782195b051503fb474c8593b9a7f18462d912

  • SSDEEP

    12288:d40WXRlkEPjX7nVq5LUDBuaG5p4GY2qCzpepf8Bc0z1HfF3FkracqWyaZIRY:d40WXTkAbVq5LSauC/Bcu1/F3FkqWyad

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.yillyenterprise.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Iseeyou.com

Targets

    • Target

      a9993c32ba563caa1d5189a138ebd607fa15cfbbf9dd6124f11215f9803cc036

    • Size

      1.3MB

    • MD5

      8195933d86c3d1c32779574cee331e37

    • SHA1

      6ca5c19d8d6d6268b0c9e04e149e7d8ec5ca4197

    • SHA256

      a9993c32ba563caa1d5189a138ebd607fa15cfbbf9dd6124f11215f9803cc036

    • SHA512

      ad4ee8dcd1ed22d1dac2f97f60cba69f89605873b0ca465bf9df644ee8721e22bad5fd2305c5f230f42497e2997637bdb56abbb58073061f731665d7f5c7212f

    • SSDEEP

      12288:PHLwA5XPo7/fBSkkkkkkkkkkkkkkx9L+kIkkvkkkkkkkk7ZLyszVNA87b8CoirI8:PH8A5A7klIGs087PoitB+JS6afj7

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks