Overview

overview

10

Static

static

VESSEL PAR...oc.exe

windows7_x64

10

VESSEL PAR...oc.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VESSEL PARTICULARS - NYK LINE.doc.exe

  • Size

    384KB

  • Sample

    210928-lycwvsbea4

  • MD5

    93445df2c96362810e0395c5c867700e

  • SHA1

    645f936406b04fbfb737bbffb5678d5255c6ec34

  • SHA256

    ecb4fe719a7fc1365d70ec9db8b3c74cb4bf8968324c25d3817fcc5628fae6fa

  • SHA512

    bfcfc7c220963f8269537b737d71251dfe3a9f6a800e7d65e3a1fd449a4f3f9e12c7f20207543009f8655a4fdfa672a11173de27e682478da4f15a0875f3bae8

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    smtp.boydsteamships.com
  • Port:
    587
  • Username:
    csanchez@boydsteamships.com
  • Password:
    co*tNjEBt4

Targets

    • Target

      VESSEL PARTICULARS - NYK LINE.doc.exe

    • Size

      384KB

    • MD5

      93445df2c96362810e0395c5c867700e

    • SHA1

      645f936406b04fbfb737bbffb5678d5255c6ec34

    • SHA256

      ecb4fe719a7fc1365d70ec9db8b3c74cb4bf8968324c25d3817fcc5628fae6fa

    • SHA512

      bfcfc7c220963f8269537b737d71251dfe3a9f6a800e7d65e3a1fd449a4f3f9e12c7f20207543009f8655a4fdfa672a11173de27e682478da4f15a0875f3bae8

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Nirsoft

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks