Overview

overview

10

Static

static

3

e4f2916c6c...3d.exe

windows7-x64

10

e4f2916c6c...3d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e4f2916c6c50ca267e420849c924ffb2e9659fba24017351294183dd7fe9ae3d

  • Size

    569KB

  • Sample

    250111-bwwk3sxket

  • MD5

    0e71783ad510b8e65efe6e6ccb0a74f0

  • SHA1

    66c65a719edfd2217d781421ee94086e108793a3

  • SHA256

    e4f2916c6c50ca267e420849c924ffb2e9659fba24017351294183dd7fe9ae3d

  • SHA512

    63c6604a9af3032a94fce1b62732ed2072611800118773caa9aacbf12dc3ccd52881ef94aead189831359dc300fb671de9e60dc3728f3929ad43417bed26e977

  • SSDEEP

    12288:gerxL2jjK7gVnYff0aiet53E7aepYOEB0SYhha3dAh46AFiJoTB:gHj1M7H0FpYOyluYd

Score
10/10
agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      e4f2916c6c50ca267e420849c924ffb2e9659fba24017351294183dd7fe9ae3d

    • Size

      569KB

    • MD5

      0e71783ad510b8e65efe6e6ccb0a74f0

    • SHA1

      66c65a719edfd2217d781421ee94086e108793a3

    • SHA256

      e4f2916c6c50ca267e420849c924ffb2e9659fba24017351294183dd7fe9ae3d

    • SHA512

      63c6604a9af3032a94fce1b62732ed2072611800118773caa9aacbf12dc3ccd52881ef94aead189831359dc300fb671de9e60dc3728f3929ad43417bed26e977

    • SSDEEP

      12288:gerxL2jjK7gVnYff0aiet53E7aepYOEB0SYhha3dAh46AFiJoTB:gHj1M7H0FpYOyluYd

    Score
    10/10
    agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Agenttesla family

      agenttesla

    • AgentTesla payload

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks