Overview

overview

10

Static

static

3

17589e726e...8f.exe

windows7-x64

10

17589e726e...8f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_e90d5755d62686199f7e69ebd105044a5a6b1552cb0eeb13742b5f2d01bed32b

  • Size

    601KB

  • Sample

    241223-r2n17asmfq

  • MD5

    b49c36447ffe9c6d4d17763c9dd1406c

  • SHA1

    6b01d7c24f71375f38f20be088a0dd1f2b8c81a6

  • SHA256

    e90d5755d62686199f7e69ebd105044a5a6b1552cb0eeb13742b5f2d01bed32b

  • SHA512

    caadd139dbd1766feac9d80a37e052d12869562b6f5ccd4cafe81cb57e3d8c0598eff78d0a5485e36afb186875993d0bc973d79536044bd970a0b8d3937b9daa

  • SSDEEP

    12288:Qvr+qCD9IG1XOXCVfuX+OfLJQKN63Hj8jAUKpNbuPL1gt4:Sr+XZVYCVxyLJj63H4jAUKvbY1gS

Score
10/10
agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    YAWALESS123@@

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    YAWALESS123@@

Targets

    • Target

      17589e726e9a629be05b4a39848c3a399549b646c38bbe9ac4c301a261dacc8f.exe

    • Size

      888KB

    • MD5

      25d6c4747284bf8489b1faa56a1ddd42

    • SHA1

      49112625189085cdde41b13809efa60d3d26fc5a

    • SHA256

      17589e726e9a629be05b4a39848c3a399549b646c38bbe9ac4c301a261dacc8f

    • SHA512

      62c9f541b7db2be928de9678b050efe98769b573fbf4855ec343a78527618c4c63c7a0c3bd1fda26d9232dc27fd47bf254d6c4984f86d2397d4266c19f6216f9

    • SSDEEP

      12288:zK4HTNfVv2SM15g7MW6ZWPVSmb33VqYs/+exRtOM7LXCtj:fv24MlQPPVqd/+e9OM+

    Score
    10/10
    agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Agenttesla family

      agenttesla

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks