RFQ# ZAT77095_pdf.scr

General

Target: RFQ# ZAT77095_pdf.scr
Size: 1001KB
Sample: 210408-xhpzfysrq2
Score: 10/10
MD5: a68e022018d05e68ab3cfa488af1c998
SHA1: c826625d790173e42ad53ca5e33879c35069996b
SHA256: 56757accfe00022eadd58f3f82ff5b4de4d2aa6e3fe427fa990af3d31723ebd9
SHA512: 64739d5a31d7b3b4870005d84d157ac5b19d31647771e072e75e7d28ddc3259e5d00fd3cf8b7bcfe8c564d9ce96c4a4fdcc1509e9455ff7d900371565795719a

Malware Config

Extracted

Family: agenttesla

Credentials

Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: emmanuel.chiboy@yandex.ru
Password: emmanuel123456789

Signatures

  • AgentTesla

    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Adds Run key to start application

    TTPs:
      • Registry Run Keys / Startup Folder
      • Modify Registry

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation