Overview

overview

10

Static

static

3

Swift-pago.pdf.exe

windows7-x64

10

Swift-pago.pdf.exe

windows10-2004-x64

10

Transferen...co.pdf

windows7-x64

3

Transferen...co.pdf

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_eb31ed47e480118f81cd411e1b596e4c

  • Size

    566KB

  • Sample

    250110-w84gnsvldj

  • MD5

    eb31ed47e480118f81cd411e1b596e4c

  • SHA1

    1ee54e2ac07b815b7f0355332abc60d94a0fd4c8

  • SHA256

    eba198c71f047f143f329759df49f33fd0d28ec83018098996eef7285ce0c7bc

  • SHA512

    63a33ae27edcc97f6b42286b33d91e58498323aae0bacd464f9ef887e7b384e2d0c1b7a18dd8cb56c4a45e891590976ddc539243c1798e27cf5e706ee4a39ea8

  • SSDEEP

    12288:J6tTiCfmGfoWjyiuxx9KjHvpILmdi9bNxmirVg:J6tTiC/foWeiKxoaLmuxmMVg

Score
10/10
agentteslacollectiondiscoverykeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.alimentostolten.cl
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    icui4cu2@@

Targets

    • Target

      Swift-pago.pdf.exe

    • Size

      38.0MB

    • MD5

      08a5400c20f882346a1f2b9e04cff8d2

    • SHA1

      2cadd3ff90433197824a547ece57da36435fb64b

    • SHA256

      33908ca6bf57c6bbb1375a3d58f4bd5c490451cfad130aaacd61e08020c94e00

    • SHA512

      73bbec6ba2c7127c9b65e99b16e202eedc38c0f1e9d8e6e497e211bfb45ced47e5d7db5e17205d92cc064651610d15a815449f036e01f0616b7e175ce5b1a612

    • SSDEEP

      12288:hpBVJSWUbTz5Vec/ZFaGGBMwqury4DCaWpkMeWcdVxK37N7Otzla+MQ6Y3TzGxqa:hpBVJOvja/Xq13WdeErak

    Score
    10/10
    agentteslacollectiondiscoverykeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Agenttesla family

      agenttesla

    • AgentTesla payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      Transferencia-Ci banco.pdf

    • Size

      1KB

    • MD5

      7193fc11039913b62e2252f801a276e8

    • SHA1

      4e4d3061469ac41fed98935fc7fa551dd4b235f9

    • SHA256

      0fa752460de8ed8c0005e24aac53b93ec9eeb8950757adb663bda78a76375a6b

    • SHA512

      187a8e3b80e20e5f991a95db656a8ac4448239fad45ae8e64affcf96f19f54210dba98ccb4dccaa8e33196e3f1d400845b668b242aa74dcb0afdf944cda65360

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks