Overview

overview

10

Static

static

10

b6e00ba99c...45.exe

windows7-x64

10

b6e00ba99c...45.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b6e00ba99ccc9f92f247fc6f89350758dd7f50025acd39b7733c4325fc5f3f45.exe

  • Size

    1.1MB

  • Sample

    250120-mztfnsvrfw

  • MD5

    e7bfb8a068ef7372939af9e3f7dada0e

  • SHA1

    c3f10e6165be6b19b5e4d771d0c33d21f71916de

  • SHA256

    b6e00ba99ccc9f92f247fc6f89350758dd7f50025acd39b7733c4325fc5f3f45

  • SHA512

    0ce01b799a376720dcfa40101f92ceb75f0f124683021118b156c5874eca30760e0176811ae63c613ddd53ff7385444737314f916c73038784267c6438875ed0

  • SSDEEP

    24576:Xb8CbrXGcVKmx3+LmNVlNLXDDFm15He0ZW6Ttwz/GH69D0:r8kXVZp+wVlNLtQ5+wWb/J0

Score
10/10
agentteslacollectioncredential_accessdiscoverykeyloggerpersistenceprivilege_escalationspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.edaraproperty.net
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    0XWexsXyg-1Z

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    mail.edaraproperty.net
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    0XWexsXyg-1Z

Targets

    • Target

      b6e00ba99ccc9f92f247fc6f89350758dd7f50025acd39b7733c4325fc5f3f45.exe

    • Size

      1.1MB

    • MD5

      e7bfb8a068ef7372939af9e3f7dada0e

    • SHA1

      c3f10e6165be6b19b5e4d771d0c33d21f71916de

    • SHA256

      b6e00ba99ccc9f92f247fc6f89350758dd7f50025acd39b7733c4325fc5f3f45

    • SHA512

      0ce01b799a376720dcfa40101f92ceb75f0f124683021118b156c5874eca30760e0176811ae63c613ddd53ff7385444737314f916c73038784267c6438875ed0

    • SSDEEP

      24576:Xb8CbrXGcVKmx3+LmNVlNLXDDFm15He0ZW6Ttwz/GH69D0:r8kXVZp+wVlNLtQ5+wWb/J0

    Score
    10/10
    agentteslacollectioncredential_accessdiscoverykeyloggerpersistenceprivilege_escalationspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Agenttesla family

      agenttesla

    • AgentTesla payload

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks