General

  • Target

    2111db91a743a246a30e482445bd2509828c78bd6a5756670ca2dd39cbc753c3

  • Size

    523KB

  • Sample

    241124-beyzwaskfl

  • MD5

    0acad990ec85a2ace1651ef2a773d074

  • SHA1

    c7cc8c7b6bb9e87c051312df76387922281247fa

  • SHA256

    2111db91a743a246a30e482445bd2509828c78bd6a5756670ca2dd39cbc753c3

  • SHA512

    c5707e6af2af62b0b5123483380e98947ebc5593e5175204b4383f54dab0f37883d7235ea5c97037cc26bf490f8df2afae025b15fe169ec6140225fe680a0fb8

  • SSDEEP

    12288:gYcndtWt5LAiFl/rYCCZdd7Us9zue3o1MCksxfbyLJBJkolAgLV:gYcWtiijrYCCZdNUKzua+M7sxc

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    darkeyedarkeye12
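The extracted configuration is the sample's exfiltration channel: authenticated SMTP submission to smtp.yandex.com on port 587, with the harvested data mailed to a collection inbox the attacker controls. Workstations rarely have a reason to submit mail directly to an external provider on that port, so the destination alone is a usable hunt even though the username is elided above and the submission is STARTTLS-protected on the wire. The following Python is an added example, not part of the report or of the sandbox's tooling: the log layout, the internal and external IP addresses and the sanctioned-relay list are constructed assumptions; only the host and port come from the report.

```python
"""Hunt for SMTP connections to the C2 mailbox provider named in the extracted config.

Added example, not part of the sandbox report. The SMTP host and port are
taken from the report; the log lines, internal addresses and the sanctioned
relay are constructed for illustration (203.0.113.0/24 is a documentation
range, not a real provider address).
"""
import csv
import io
from collections import Counter

# Indicators taken from the report's extracted configuration.
EXFIL_HOST = "smtp.yandex.com"
EXFIL_PORT = 587

# Column layout assumed for the constructed log: a cut-down Zeek-style conn
# record joined with the DNS name the client resolved for the responder.
FIELDS = ["ts", "orig_h", "orig_p", "resp_h", "resp_p", "proto", "service", "resp_name"]

# Constructed sample records. 10.0.5.23 and 10.0.9.7 are workstations;
# 10.0.1.2 is the sanctioned mail relay that legitimately uses port 587.
SAMPLE_CONN_LOG = """\
1732450001.10\t10.0.5.23\t51544\t203.0.113.10\t587\ttcp\tssl\tsmtp.yandex.com
1732450002.44\t10.0.5.23\t51545\t203.0.113.20\t443\ttcp\tssl\twww.example.com
1732450003.81\t10.0.9.7\t40211\t203.0.113.10\t587\ttcp\tsmtp\tsmtp.yandex.com
1732450004.02\t10.0.1.2\t25001\t203.0.113.10\t587\ttcp\tssl\tsmtp.yandex.com
1732450009.57\t10.0.5.23\t51550\t203.0.113.10\t587\ttcp\tssl\tsmtp.yandex.com
"""

# Hosts permitted to submit mail to external providers on 587 (assumption).
ALLOWED_SMTP_SENDERS = {"10.0.1.2"}


def parse_conn_log(text):
    """Parse tab-separated records into dicts; skips blank and '#' comment lines."""
    records = []
    for row in csv.reader(io.StringIO(text), delimiter="\t"):
        if not row or row[0].startswith("#"):
            continue
        rec = dict(zip(FIELDS, row))
        rec["orig_p"] = int(rec["orig_p"])
        rec["resp_p"] = int(rec["resp_p"])
        records.append(rec)
    return records


def is_exfil_connection(rec, host=EXFIL_HOST, port=EXFIL_PORT):
    """True when the connection goes to the extracted SMTP host on its port.

    Matching on the resolved name rather than an IP keeps the rule valid when
    the provider's addresses change. Port 587 submission negotiates STARTTLS,
    so the credentials and mail body are normally not visible; the
    destination is the signal.
    """
    return rec["resp_p"] == port and rec["resp_name"].lower() == host.lower()


def find_exfil_candidates(records, allowed=ALLOWED_SMTP_SENDERS):
    """Return [(client_ip, connection_count), ...] for unsanctioned hosts that
    contacted the exfil mailbox provider, sorted by client IP."""
    hits = Counter(
        rec["orig_h"]
        for rec in records
        if is_exfil_connection(rec) and rec["orig_h"] not in allowed
    )
    return sorted(hits.items())


if __name__ == "__main__":
    for client, count in find_exfil_candidates(parse_conn_log(SAMPLE_CONN_LOG)):
        print(f"{client}: {count} connection(s) to {EXFIL_HOST}:{EXFIL_PORT}")
```

The mailbox credentials in the config belong to the attacker's collection inbox, not to a victim: treat them as an indicator to block and to report to the provider for takedown, and do not attempt to log in to it.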

Targets

    • Target

      2111db91a743a246a30e482445bd2509828c78bd6a5756670ca2dd39cbc753c3

    • Size

      523KB

    • MD5

      0acad990ec85a2ace1651ef2a773d074

    • SHA1

      c7cc8c7b6bb9e87c051312df76387922281247fa

    • SHA256

      2111db91a743a246a30e482445bd2509828c78bd6a5756670ca2dd39cbc753c3

    • SHA512

      c5707e6af2af62b0b5123483380e98947ebc5593e5175204b4383f54dab0f37883d7235ea5c97037cc26bf490f8df2afae025b15fe169ec6140225fe680a0fb8

    • SSDEEP

      12288:gYcndtWt5LAiFl/rYCCZdd7Us9zue3o1MCksxfbyLJBJkolAgLV:gYcWtiijrYCCZdNUKzua+M7sxc

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET.

    • Agenttesla family

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store account and profile data on disk, where infostealers commonly harvest it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files (MITRE ATT&CK T1552.001).

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

      SetThreadContext redirects a thread's execution; paired with a suspended child process it is the classic process-hollowing (RunPE) pattern used to run a payload inside a benign host process.
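The file-and-profile behaviours above (WinSCP sessions, FTP client configuration, email and browser profiles) share one mechanism: the secrets sit on disk in a reversible form, so reading the file is enough. FileZilla is the plainest case, because it keeps recent and saved connections in %APPDATA%\FileZilla\recentservers.xml and sitemanager.xml with the password base64-encoded rather than encrypted. The Python below is an added example, not part of the report and not the stealer's own code: it parses a constructed recentservers.xml in FileZilla's layout and reports what a stealer reading it would obtain, which is also a usable exposure sweep for incident response. The sample XML, hostnames and user names are constructed; the element names follow FileZilla's format as the author of this example understands it.

```python
"""Show what the "Reads data files stored by FTP clients" behaviour harvests.

Added example, not part of the sandbox report. FileZilla stores connection
passwords base64-encoded (not encrypted) in recentservers.xml and
sitemanager.xml under %APPDATA%\\FileZilla, so a stealer only needs to read
the file. The XML below is constructed for illustration.
"""
import base64
import os
import xml.etree.ElementTree as ET

# Constructed sample in FileZilla's on-disk layout: one FTP entry with a
# stored password and one SFTP entry that uses a key file and stores none.
SAMPLE_RECENTSERVERS_XML = """\
<FileZilla3 version="3.66.4" platform="windows">
  <RecentServers>
    <Server>
      <Host>ftp.example.com</Host>
      <Port>21</Port>
      <Protocol>0</Protocol>
      <Type>0</Type>
      <User>deploy</User>
      <Pass encoding="base64">aHVudGVyMg==</Pass>
      <Logontype>1</Logontype>
    </Server>
    <Server>
      <Host>sftp.example.com</Host>
      <Port>22</Port>
      <Protocol>1</Protocol>
      <Type>0</Type>
      <User>backup</User>
      <Logontype>5</Logontype>
      <Keyfile>C:\\Users\\alice\\.ssh\\backup.ppk</Keyfile>
    </Server>
  </RecentServers>
</FileZilla3>
"""

# Files the stealer reads, relative to the user's roaming AppData directory.
FILEZILLA_FILES = ("recentservers.xml", "sitemanager.xml")


def parse_filezilla_servers(xml_text):
    """Return one dict per <Server>; the password is decoded when one is stored."""
    servers = []
    for server in ET.fromstring(xml_text).iter("Server"):
        pass_el = server.find("Pass")
        password = None
        if pass_el is not None and pass_el.text:
            if pass_el.get("encoding") == "base64":
                password = base64.b64decode(pass_el.text).decode("utf-8", "replace")
            else:
                # Very old FileZilla versions stored the password as plain text.
                password = pass_el.text
        servers.append({
            "host": server.findtext("Host", ""),
            "port": int(server.findtext("Port", "0") or 0),
            "user": server.findtext("User", ""),
            "password": password,
            "keyfile": server.findtext("Keyfile"),
        })
    return servers


def exposure_summary(servers):
    """One line per entry describing what an attacker obtained, with the secret
    itself masked so the summary is safe to paste into a ticket."""
    lines = []
    for s in servers:
        if s["password"] is not None:
            secret = f"password stored ({len(s['password'])} chars)"
        elif s["keyfile"]:
            secret = f"key file path stored: {s['keyfile']}"
        else:
            secret = "no secret stored"
        lines.append(f"{s['user']}@{s['host']}:{s['port']} - {secret}")
    return lines


def scan_appdata(appdata_dir):
    """Parse FileZilla's files from a real profile directory, if they exist."""
    found = []
    for name in FILEZILLA_FILES:
        path = os.path.join(appdata_dir, "FileZilla", name)
        if os.path.isfile(path):
            with open(path, encoding="utf-8") as fh:
                found.extend(parse_filezilla_servers(fh.read()))
    return found


if __name__ == "__main__":
    for line in exposure_summary(parse_filezilla_servers(SAMPLE_RECENTSERVERS_XML)):
        print(line)
```

Every credential such a sweep reports on an infected host should be treated as compromised and rotated; the key-file entry is not safe either, since the stealer's other behaviours give it the path and the ability to read the file.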

MITRE ATT&CK Enterprise v15

Tasks