General

  • Target: Payment.zip
  • Size: 516KB
  • Sample: 210421-ahtn69fr9n
  • MD5: d6ea4160f408cce8aae4a84d37d9e921
  • SHA1: 3012a93021a3d45edeb98b9ab6f42bb1d880fcc4
  • SHA256: 40697fea925326e0b55469750354352c0c7d36f7abe00699e013e55e9afeae2d
  • SHA512: f6a68eb7b26015546dec21159e9f145ca30600a8474d79108d40114aedb6c568151e6b2504e058a52cad30adf1d7d4796bd17e9c4a478de162ddc96fb847a7e9

Malware Config

Extracted

  • Family: agenttesla

Credentials

  • Protocol: smtp
  • Host: a2plcpnl0347.prod.iad2.secureserver.net
  • Port: 587
  • Username: marketing@eximindiacorporation.com
  • Password: Admin_123

Targets

  • Target: WN4gbQOiEGOnFMa.exe
  • Size: 601KB
  • MD5: a4b94521170a0d99c8a9f0fe8c648561
  • SHA1: b7a942b4c7704562e23d2e888a07a026fb49fe7d
  • SHA256: 9a597f3b7ec4bb4a3e54c966b95ca6cb543ca467fbc9397a66713187d77a7b97
  • SHA512: 0e4947fe3b205793521344ce09e9f9d67359d6166a1c954fc227cd1d3df5505b1c615eff7e5fbd1e64a7e2e845751e03603ef0c11ff107b63933a43fbc0a9a1b

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Registry Run Keys / Startup Folder (T1060): 1
  • Defense Evasion: Modify Registry (T1112): 1

Tasks