General

  • Target

    DHL Details.exe

  • Size

    1.1MB

  • Sample

    210122-xs5dcvjzt2

  • MD5

    41b6de13a1a77f13859e7507cb7801d1

  • SHA1

    169255531a255c357293c87401f9da42d58f15a0

  • SHA256

    d395cb074c93aac76ff1dc501e202c61a86e062896593cb75161d3747d2577e9

  • SHA512

    c4976e9894e6e6e16ad400c48e80675c426db77db91a21339a4a806f0afbf16b65a942c3346752269c817f8bc9afc4c99eddcb4173a7c02814876afcfeaa24e0

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    server126.web-hosting.com
  • Port:
    587
  • Username:
    milli@emremetal.xyz
  • Password:
    TB@h;x2zl*5c

Targets

    • Target

      DHL Details.exe

    • Size

      1.1MB

    • MD5

      41b6de13a1a77f13859e7507cb7801d1

    • SHA1

      169255531a255c357293c87401f9da42d58f15a0

    • SHA256

      d395cb074c93aac76ff1dc501e202c61a86e062896593cb75161d3747d2577e9

    • SHA512

      c4976e9894e6e6e16ad400c48e80675c426db77db91a21339a4a806f0afbf16b65a942c3346752269c817f8bc9afc4c99eddcb4173a7c02814876afcfeaa24e0

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution
    Scheduled Task (1) T1053
  • Persistence
    Scheduled Task (1) T1053
  • Privilege Escalation
    Scheduled Task (1) T1053
  • Credential Access
    Credentials in Files (3) T1081
  • Discovery
    System Information Discovery (1) T1082
  • Collection
    Data from Local System (3) T1005

Tasks