General

  • Target

    Please provide EURO1 Draft.exe

  • Size

    463KB

  • Sample

    201109-dvpa9bhe6n

  • MD5

    423c65948e1fe9c4390314f6cebe66d9

  • SHA1

    966b4efbe63e35aeb6b63a1df45ef862f6e9159b

  • SHA256

    b1b0b814086ceb3cbe9b931ca3ac14ed934399c35b4b6ce956f98e50ea3186ef

  • SHA512

    daa5425283e0498b1d2c60199966cd0e504a36971be847eed61c33642a13c38f65e47f0e5d69e51d000372c1cffbb6aaf9462ebb62f7e6fe702ddf8690eee377

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.ru
  • Port:
    587
  • Username:
    millersolomonjaja@yandex.ru
  • Password:
    solomon12345$$$1

Targets

    • Target

      Please provide EURO1 Draft.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • rezer0

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Scheduled Task (T1053) - 1 hit

  • Persistence

    Scheduled Task (T1053) - 1 hit

  • Privilege Escalation

    Scheduled Task (T1053) - 1 hit

  • Discovery

    System Information Discovery (T1082) - 1 hit

Tasks