Overview

overview

10

Static

static

3

e8309fe398...f4.exe

windows7-x64

10

e8309fe398...f4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    40a931986e5bf561e932144f66730a3d.zip

  • Size

    382KB

  • Sample

    240901-j12xnawajk

  • MD5

    e5452bce08df004accfe7c57e9179096

  • SHA1

    9635034e069c9dc4e9bb19a9f78f502bff226fcd

  • SHA256

    526cf17fdd98b9eeba1b3b991c1cda2f9e78b074b6f5b9fbc35624b9aea266fc

  • SHA512

    3dbe256d69848a0b7820d08d177be5e7d0f16838baab03275c5d256b9f45f88f138e63c5850d7cac950a6b3e5c04db9d9fa31abbfba534539d7d1745fb91e3ab

  • SSDEEP

    6144:QA9VkrvPVLrk1mKq8nxMep1Q7BEVEIKg5PEmbVM96czUxjOkSTJ3enay/khSJpUf:U6mKNnlpqBwEMFGoczwjJaJ3eBkepQH9

Score
10/10
agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.securido.my
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    securido2411

Targets

    • Target

      e8309fe398b789d3706ae732c85cdf0aeb1fc7731a478cb60eb4a75b9641d9f4

    • Size

      438KB

    • MD5

      40a931986e5bf561e932144f66730a3d

    • SHA1

      5e3f8cfe8b6fb95ed0d9c5737f0bce48be65421a

    • SHA256

      e8309fe398b789d3706ae732c85cdf0aeb1fc7731a478cb60eb4a75b9641d9f4

    • SHA512

      6c2ab098edebbdbd34228d04638ecd18cf703a66d1258b4336d1698f888e73b2f39c733504e54c13e29873224dd71014df0fa1d0d54f5d571dc10cc2b5da5d64

    • SSDEEP

      6144:h5TLNJV+oJbP2SLlyq0FQkh2ruU5Ag6Co3AXvXcj9Tpo2kYw:LbBrepQ+2SUigLfX52Bw

    Score
    10/10
    agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks