General

  • Target

    Oroder no 3.exe

  • Size

    496KB

  • Sample

    210115-2w1qsry49j

  • MD5

    8e24425b3b3ed238295e51c8f53c5ac1

  • SHA1

    24d7d15fb2201fdc2833fef7ad4600303eaa4bfa

  • SHA256

    7a5dd5409a4a4928ac82b3c019c717d4d6a920a4309e0dcd9fec58f3711187f0

  • SHA512

    a10ddebc2e5141d21ebe316d2032acd249442305a0a7576c35e7ec6c5976a2217defbb800d923cf466ab67fa31912eb9a8d453067806fef877db604a2e1b995d

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Tactic               | Technique                          | Count | ID
---------------------|------------------------------------|-------|------
Execution            | Scheduled Task                     | 1     | T1053
Persistence          | Registry Run Keys / Startup Folder | 1     | T1060
Persistence          | Scheduled Task                     | 1     | T1053
Privilege Escalation | Scheduled Task                     | 1     | T1053
Defense Evasion      | Modify Registry                    | 1     | T1112
Credential Access    | Credentials in Files               | 3     | T1081
Discovery            | System Information Discovery       | 1     | T1082
Collection           | Data from Local System             | 3     | T1005

Tasks