SHIPPING DOCUMENT & PACKING LIST.exe

General

Target: SHIPPING DOCUMENT & PACKING LIST.exe
Size: 500KB
Sample: 201126-qg52k48hgj
Score: 10/10
MD5: 8606b486e3efb971e0c629ea8260368c
SHA1: 1030a41cf3debb6f82464b9b95d33da0d5199c9f
SHA256: 6abf5552765851e4db6d8346af1473568c7d1497fd848648e32bd1c5c8d8cb2f
SHA512: 7e98d88ae39fedeb405deaa33c8ea98bdfb0f8ac2a9a495a17618f17b70851899a2c77428d1100c4e3ef919b51f7619e2a2f0b3fb20546409306a97f33e1a55c

Malware Config

Targets

Target: SHIPPING DOCUMENT & PACKING LIST.exe
MD5: 8606b486e3efb971e0c629ea8260368c
Filesize: 500KB
Score: 10/10
SHA1: 1030a41cf3debb6f82464b9b95d33da0d5199c9f
SHA256: 6abf5552765851e4db6d8346af1473568c7d1497fd848648e32bd1c5c8d8cb2f
SHA512: 7e98d88ae39fedeb405deaa33c8ea98bdfb0f8ac2a9a495a17618f17b70851899a2c77428d1100c4e3ef919b51f7619e2a2f0b3fb20546409306a97f33e1a55c

Signatures

  • AgentTesla
    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • Drops file in Drivers directory

  • Reads data files stored by FTP clients
    Description: Tries to access configuration files associated with programs like FileZilla.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of local email clients
    Description: Email clients store some user data on disk, where infostealers will often target it.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials and similar data.
    TTPs: Data from Local System; Credentials in Files

  • Suspicious use of SetThreadContext
