General

  • Target

    Detalles del pago.pdf.exe

  • Size

    908KB

  • Sample

    200718-11be94a4y2

  • MD5

    cff942f8b8b7161e872910d0cc37d21c

  • SHA1

    ff18633786e78743da40dee2c0af1c01c7119117

  • SHA256

    7953cff779759642a2cd5981662769249457f01c0c996c69c0b80d5439860c6a

  • SHA512

    d4cc80ce02e1f50f94b4f35b4b42df7cba7cb1f173581e0d6a650c65c29e183049a9046811445eeaba12ffad9e13a12c828f3e5e5653e7d69c1f1d74ef16988d

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.trademaxperu.com
  • Port:
    587
  • Username:
    adopted_nedu@trademaxperu.com
  • Password:
    icui4cu2@@
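The extracted configuration is directly actionable for hunting: AgentTesla's SMTP mode logs into the hard-coded mailbox and mails the stolen data to it, so the host and the account are network indicators. The script below is an added example (not part of the sandbox report or the AgentTesla code) that matches the extracted settings against constructed Zeek-style dns.log and smtp.log excerpts with a reduced field set; the log records, client addresses and the 203.0.113.10 resolution are invented for the example. The password is deliberately not used as a detection key.

```python
import csv
import io

# Exfiltration settings recovered from the sample's configuration (from the report above).
# The password is left out on purpose: the host and account are enough to hunt with.
AGENTTESLA_CONFIG = {
    "protocol": "smtp",
    "host": "mail.trademaxperu.com",
    "port": 587,
    "username": "adopted_nedu@trademaxperu.com",
}

# Constructed Zeek-style dns.log and smtp.log excerpts (tab-separated, reduced field set).
# These records were written for this example and are not real traffic.
DNS_LOG = """\
ts\tuid\tid.orig_h\tquery\tanswers
1595059200.1\tCdns1\t10.0.0.15\tmail.trademaxperu.com\t203.0.113.10
1595059201.2\tCdns2\t10.0.0.22\twww.example.com\t198.51.100.5
"""

SMTP_LOG = """\
ts\tuid\tid.orig_h\tid.resp_h\tid.resp_p\thelo\tmailfrom\trcptto
1595059205.0\tCsmtp1\t10.0.0.15\t203.0.113.10\t587\tDESKTOP-7Q2\tadopted_nedu@trademaxperu.com\tadopted_nedu@trademaxperu.com
1595059300.0\tCsmtp2\t10.0.0.30\t192.0.2.25\t587\tmail.corp\talice@corp.example\tbob@corp.example
1595059400.0\tCsmtp3\t10.0.0.15\t203.0.113.10\t25\tDESKTOP-7Q2\tsomeone@else.example\tadopted_nedu@trademaxperu.com
"""


def _rows(log):
    """Parse a tab-separated log with a header row into a list of dicts."""
    return list(csv.DictReader(io.StringIO(log), delimiter="\t"))


def resolve_c2_ips(dns_log, config):
    """Collect every address the configured SMTP host resolved to in dns.log."""
    ips = set()
    for r in _rows(dns_log):
        if r["query"].lower() == config["host"].lower():
            ips.update(a.strip() for a in r["answers"].split(",") if a.strip())
    return ips


def find_exfil_sessions(smtp_log, dns_log, config):
    """Return SMTP sessions that touch the hard-coded exfil host or account.

    Port 587 by itself is not treated as a signal: legitimate mail submission
    uses it too, so only the C2 host and the account are matched.
    """
    c2_ips = resolve_c2_ips(dns_log, config)
    account = config["username"].lower()
    hits = []
    for r in _rows(smtp_log):
        reasons = []
        if r["id.resp_h"] in c2_ips:
            reasons.append("server address resolved from C2 host " + config["host"])
        if r["mailfrom"].lower() == account:
            reasons.append("MAIL FROM is the hard-coded exfil account")
        if account in (x.strip().lower() for x in r["rcptto"].split(",")):
            reasons.append("RCPT TO is the hard-coded exfil account")
        if reasons:
            hits.append({"uid": r["uid"], "src": r["id.orig_h"], "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_exfil_sessions(SMTP_LOG, DNS_LOG, AGENTTESLA_CONFIG):
        print(hit["uid"], hit["src"], "; ".join(hit["reasons"]))
```

Two of the three constructed sessions are flagged: the first on all three criteria, the third because it is addressed to the exfil mailbox even though it uses port 25 and a different sender. The second session goes to a legitimate submission server on 587 and is left alone. The same account is also worth hunting for in mail-server authentication logs, since the credentials are burned into every copy of this build.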

Targets

    • Target

      Detalles del pago.pdf.exe

    • AgentTesla

      Agent Tesla is a .NET-based information stealer with remote access tool (RAT) features, originally written in Visual Basic .NET. It harvests saved credentials from browsers, email and FTP clients and exfiltrates them over SMTP, FTP or HTTP; this sample uses the SMTP account shown above.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Opens configuration files of FTP clients such as FileZilla, which keep saved server credentials on disk.

    • Reads user/profile data of local email clients

      Email clients store account settings and saved passwords in their profile directories, a common infostealer target.

    • Reads user/profile data of web browsers

      Browser profile directories hold saved logins, cookies and autofill data, which infostealers collect and decrypt.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process, after creating that process suspended and writing into its memory, is the classic process-hollowing sequence used to run the payload inside a trusted host. Debuggers use the same API, so it is a weak signal on its own and a strong one in that sequence.
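The behaviour signatures above are each one rule over an API trace. The code below is an added example, not part of the report or of any sandbox's rule set, that implements the credential-store and process-hollowing checks over a constructed API trace. The trace format (pid, api, args) is assumed for the example; the paths, PIDs and the choice of RegSvcs.exe as the hollowed child are invented for the constructed trace and are not claims about this sample.

```python
import re
from collections import defaultdict

# File-open APIs inspected for credential-store access.
FILE_OPEN_APIS = {"CreateFileW", "NtCreateFile", "NtOpenFile"}

# On-disk stores behind the report's three "Reads ..." signatures
# (paths under %APPDATA% / %LOCALAPPDATA%).
CREDENTIAL_STORES = {
    "ftp_client": [r"\\FileZilla\\(sitemanager|recentservers)\.xml$"],
    "email_client": [r"\\Thunderbird\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$"],
    "browser": [
        r"\\Google\\Chrome\\User Data\\[^\\]+\\Login Data$",
        r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$",
    ],
}

# Ordered API sequence for process hollowing; unrelated calls may appear in between.
HOLLOWING_STEPS = ("CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread")
CREATE_SUSPENDED = 0x4

# Constructed API trace (assumed format). PID 1234 behaves like the report's signatures;
# PID 5555 is a benign process that calls SetThreadContext on its own thread, as a debugger would.
TRACE = [
    {"pid": 1234, "api": "CreateFileW", "args": {"path": r"C:\Users\v\AppData\Roaming\FileZilla\sitemanager.xml"}},
    {"pid": 1234, "api": "CreateFileW", "args": {"path": r"C:\Users\v\AppData\Roaming\Thunderbird\Profiles\ab12.default\logins.json"}},
    {"pid": 1234, "api": "CreateFileW", "args": {"path": r"C:\Users\v\AppData\Local\Google\Chrome\User Data\Default\Login Data"}},
    {"pid": 1234, "api": "CreateProcessW", "args": {"image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
                                                    "flags": CREATE_SUSPENDED, "child_pid": 4321}},
    {"pid": 1234, "api": "NtUnmapViewOfSection", "args": {"target_pid": 4321}},
    {"pid": 1234, "api": "WriteProcessMemory", "args": {"target_pid": 4321, "size": 0x2000}},
    {"pid": 1234, "api": "SetThreadContext", "args": {"target_pid": 4321}},
    {"pid": 1234, "api": "ResumeThread", "args": {"target_pid": 4321}},
    {"pid": 5555, "api": "CreateFileW", "args": {"path": r"C:\Users\v\Documents\notes.txt"}},
    {"pid": 5555, "api": "SetThreadContext", "args": {"target_pid": 5555}},
]


def detect_credential_store_reads(trace):
    """Map each pid to the credential-store categories it opened and the paths involved."""
    found = defaultdict(lambda: defaultdict(list))
    for ev in trace:
        if ev["api"] not in FILE_OPEN_APIS:
            continue
        path = ev["args"].get("path", "")
        for category, patterns in CREDENTIAL_STORES.items():
            if any(re.search(p, path, re.IGNORECASE) for p in patterns):
                found[ev["pid"]][category].append(path)
    return {pid: dict(cats) for pid, cats in found.items()}


def detect_hollowing(trace):
    """Flag a parent that creates a suspended child, writes into it, sets its
    thread context and resumes it, in that order. SetThreadContext alone is
    not enough: the benign pid 5555 above is not reported."""
    state = {}  # (parent_pid, child_pid) -> {"step": next expected index, "image": child image}
    hits = []
    for ev in trace:
        args = ev["args"]
        if ev["api"] == "CreateProcessW":
            if args.get("flags", 0) & CREATE_SUSPENDED:
                state[(ev["pid"], args["child_pid"])] = {"step": 1, "image": args.get("image")}
            continue
        key = (ev["pid"], args.get("target_pid"))
        st = state.get(key)
        if st is None or st["step"] >= len(HOLLOWING_STEPS):
            continue
        if ev["api"] == HOLLOWING_STEPS[st["step"]]:
            st["step"] += 1
            if st["step"] == len(HOLLOWING_STEPS):
                hits.append({"parent": key[0], "child": key[1], "image": st["image"]})
    return hits


if __name__ == "__main__":
    print(detect_credential_store_reads(TRACE))
    print(detect_hollowing(TRACE))
```

The sequence matcher tolerates intervening calls (NtUnmapViewOfSection here) but requires the four steps in order against the same parent/child pair, which is what separates hollowing from a debugger attaching to a thread. Extending CREDENTIAL_STORES with further client paths is the only change needed to widen the first check.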

MITRE ATT&CK Enterprise v6
