General

  • Target: RFQ-034.scr
  • Size: 57KB
  • Sample: 210408-3w3lpgbgaa
  • MD5: 0b0714c8f6fae9579ff074872cf987de
  • SHA1: 847dc02d0c9d80c0eea7047a0fc85457ffd2cbb4
  • SHA256: c3528956666ac901c406c13e9b265cb805424e91919db91a1fe2227ffbc15c7a
  • SHA512: 4edcecfced136a1bb0d376b9b1a2b607fed248c838e820faea53cb06323b8138ff4415b6bbd311ef75d7de13f70cd1e77c6bfe3fd1ab07f6f28d601bf29bd2e5

Malware Config

Extracted

  • Family: agenttesla

  • Credentials
      • Protocol: smtp
      • Host: mail.guangijpharm.com
      • Port: 587
      • Username: morale@guangijpharm.com
      • Password: blessmegod@77

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence
      Modify Existing Service (T1031): 1

  • Defense Evasion
      Modify Registry (T1112): 5
      Disabling Security Tools (T1089): 4
      Install Root Certificate (T1130): 1

  • Discovery
      System Information Discovery (T1082): 1

Tasks