General

  • Target: PARTS REQUEST SO_30005141.exe
  • Size: 675KB
  • Sample: 210126-f8gf8yafg6
  • MD5: e398d1d3147becaac2bba69798ed8536
  • SHA1: 7a53f04e19d2a90a36ef343a47246986aafce541
  • SHA256: d7d0034131ad17dbfbb4a01fc0777da552bfe908862326c695a5894384659495
  • SHA512: ea81f174b0210c418f27ebced75dc8f15b45f486d90c1af8a88b5d12d8a2fe00749983b50da40b13152601e083571ea42f689c4f7eb841c4d878ea925b878de3

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: mail.hybridgroupco.com
  • Port: 587
  • Username: 2021@hybridgroupco.com
  • Password: Obinna123@@@

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files (T1081), 3
  • Collection: Data from Local System (T1005), 3

Tasks