Overview

overview

10

Static

static

3

48932bf191...f0.exe

windows7-x64

10

48932bf191...f0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    48932bf191efeba3a99ecea2b75b266ebcac6e88546dd422faa4a942637662f0

  • Size

    1.4MB

  • Sample

    250114-cgnscswlar

  • MD5

    e349bec2074d635ce424d5a4867141f2

  • SHA1

    a9dadcfd0ad426a30e1181889e27430d38eb8e62

  • SHA256

    48932bf191efeba3a99ecea2b75b266ebcac6e88546dd422faa4a942637662f0

  • SHA512

    1cf49cc8799cefb27b1b1b69716c984dd3079b756af6c504c24438491075a730a28851db2459351a3b90be928e121e836515dd83a83fcd99917d512f24d33eac

  • SSDEEP

    24576:mOhpo1j3wOknGgLcyFA1/trv1RIAhjLoamMiX4lNmZg0YxegPbUIDPP:phpoVAOknGnyFA1t9jLoyEkmZ9Y14

Score
10/10
agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.kinqshuk-bd.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    HBqq%k(5

Targets

    • Target

      48932bf191efeba3a99ecea2b75b266ebcac6e88546dd422faa4a942637662f0

    • Size

      1.4MB

    • MD5

      e349bec2074d635ce424d5a4867141f2

    • SHA1

      a9dadcfd0ad426a30e1181889e27430d38eb8e62

    • SHA256

      48932bf191efeba3a99ecea2b75b266ebcac6e88546dd422faa4a942637662f0

    • SHA512

      1cf49cc8799cefb27b1b1b69716c984dd3079b756af6c504c24438491075a730a28851db2459351a3b90be928e121e836515dd83a83fcd99917d512f24d33eac

    • SSDEEP

      24576:mOhpo1j3wOknGgLcyFA1/trv1RIAhjLoamMiX4lNmZg0YxegPbUIDPP:phpoVAOknGnyFA1t9jLoyEkmZ9Y14

    Score
    10/10
    agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Agenttesla family

      agenttesla

    • AgentTesla payload

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks