General

  • Target

    HKSUPO202006.exe

  • Size

    703KB

  • Sample

    200707-bg9cfp9lyn

  • MD5

    4437d2c24315480713548a0e8511c17d

  • SHA1

    b024ce7b6d469bca49bc12c7ed9226696388d3e6

  • SHA256

    0fafd555f84dcb876be1182b40ed4b85e7b57d8c5798243c3ed0b8421aabe9a6

  • SHA512

    69be8167de86836cce9a4745a61cbd509f20e9a5ff9a14f7244890e6a3718c15d82987abce8596bf24ba8349ab626778ca9244f3ab2348f4af51a0f517f317c2

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    wandony@intarscan.org
  • Password:
    church12@@

Targets

    • Target

      HKSUPO202006.exe

    • Size

      703KB

    • MD5

      4437d2c24315480713548a0e8511c17d

    • SHA1

      b024ce7b6d469bca49bc12c7ed9226696388d3e6

    • SHA256

      0fafd555f84dcb876be1182b40ed4b85e7b57d8c5798243c3ed0b8421aabe9a6

    • SHA512

      69be8167de86836cce9a4745a61cbd509f20e9a5ff9a14f7244890e6a3718c15d82987abce8596bf24ba8349ab626778ca9244f3ab2348f4af51a0f517f317c2

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • AgentTesla Payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

3
T1081

Collection

Data from Local System

3
T1005

Tasks