126503018.eml.zip

General

Target: 126503018.eml.zip
Size: 3KB
Sample: 210421-rxs2ek9d4s
Score: 10/10
MD5: 112815430ea71ae812e30d1c596c9ad9
SHA1: 28341737f4e6a8e3b2eac4bdf713dee94640a2ef
SHA256: 28425375bde8a9d13ac9b57ccc32f046b2c7bebdf592b5af2d85146d565e9a9e
SHA512: e35df2e4850bceea76a15d6981d97ffd893589394b6cecd5512f614db290de118c85626b1a6ad01a48e2970eec9efe7472bde2601e6ada1eb3b57c105563916d

Malware Config

Extracted

Family: agenttesla

Credentials

Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: prodip@precisionemergy.me
Password: @Mexico1.,

These are the operator's exfiltration mailbox credentials recovered from the sample's embedded configuration (the account the stealer logs into to send captured data), not credentials belonging to the victim. Block the host and report the account to the provider; do not treat it as a compromised user account on your own side.

Targets

Target: Purchase Order.doc
MD5: 9ef6eb1c4c2bc4c409fc59e4bbf36854
Filesize: 4KB
Score: 10/10
SHA1: e4e956b1f7e500073bab3ccef88e6c4bf784c663
SHA256: 9aec6bdb253c4e34d6f4629baadc8a01d4674ac5bd084b791820160ed27d2b2b
SHA512: 45764eb0feb82a7da251461fcf02e56e7b6468a4f45c89f8b3a9826cc81444d50126ad0595d7c19e3e551530763ee8fe94a37423316dd102e990a71fb829d1ca

Signatures

  • AgentTesla

    Description

    Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; its samples are commonly described as written in Visual Basic .NET. It harvests credentials and keystrokes and exfiltrates them over SMTP, FTP or HTTP using accounts embedded in its configuration, which is why an SMTP account appears in the extracted config above.

  • AgentTesla Payload

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext
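The signatures above ("Executes dropped EXE", "Blocklisted process makes network request") and the extracted SMTP endpoint are what a detection engineer turns into a correlation rule. The script below is an added example, not Triage's code or part of the original report: it runs over a constructed newline-delimited JSON trace (field names and event IDs are assumptions loosely modelled on Sysmon's file-create, process-create and network-connect events; paths and pids are made up) and flags a process that was itself written to disk by another process and then connected to the mail host from this sample's config.

```python
import json

# Exfiltration endpoint taken from the extracted AgentTesla config on this page.
C2_SMTP = {"host": "mail.privateemail.com", "port": 587}

# Constructed sample telemetry (not from the sandbox run): one JSON object per
# line, loosely modelled on Sysmon event IDs 11 (file create), 1 (process
# create) and 3 (network connect). Paths, pids and timestamps are made up.
SAMPLE_EVENTS = r"""
{"ts": 1, "event": 11, "pid": 1204, "image": "C:\\Program Files\\Microsoft Office\\WINWORD.EXE", "target": "C:\\Users\\u\\AppData\\Local\\Temp\\svc.exe"}
{"ts": 2, "event": 1, "pid": 3388, "ppid": 1204, "image": "C:\\Users\\u\\AppData\\Local\\Temp\\svc.exe"}
{"ts": 3, "event": 3, "pid": 3388, "image": "C:\\Users\\u\\AppData\\Local\\Temp\\svc.exe", "dst_host": "mail.privateemail.com", "dst_port": 587}
{"ts": 4, "event": 3, "pid": 4120, "image": "C:\\Program Files\\Microsoft Office\\OUTLOOK.EXE", "dst_host": "smtp.office365.com", "dst_port": 587}
{"ts": 5, "event": 11, "pid": 3388, "target": "C:\\Users\\u\\AppData\\Roaming\\log.txt"}
"""

PE_EXTENSIONS = (".exe", ".dll", ".scr")


def parse_events(text):
    """Parse newline-delimited JSON into a time-ordered list of event dicts."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    return sorted(events, key=lambda e: e["ts"])


def executed_dropped(events):
    """'Executes dropped EXE': a process-create whose image path was written
    earlier in the same trace by some process. Returns one hit per execution,
    carrying the pid of the writer."""
    drops = {}  # lower-cased path -> pid that wrote it
    hits = []
    for e in events:
        if e["event"] == 11 and e.get("target", "").lower().endswith(PE_EXTENSIONS):
            drops[e["target"].lower()] = e["pid"]
        elif e["event"] == 1 and e["image"].lower() in drops:
            hits.append({"pid": e["pid"], "image": e["image"],
                         "dropped_by": drops[e["image"].lower()]})
    return hits


def c2_connections(events, c2=C2_SMTP):
    """Network connects to the SMTP host/port from the extracted config."""
    return [e for e in events
            if e["event"] == 3
            and e.get("dst_host", "").lower() == c2["host"]
            and e.get("dst_port") == c2["port"]]


def exfil_from_dropped(events, c2=C2_SMTP):
    """Chain the two signatures: a process that was itself a dropped PE
    talking to the configured exfiltration mailbox. A lone connection to
    port 587 (the Outlook line in the sample) is ordinary mail-client
    traffic and is deliberately not flagged on its own."""
    dropped_pids = {h["pid"] for h in executed_dropped(events)}
    return [e for e in c2_connections(events, c2) if e["pid"] in dropped_pids]


def summarize(text):
    """Run all checks over an NDJSON trace and return a report dict."""
    events = parse_events(text)
    return {
        "executed_dropped": executed_dropped(events),
        "c2_connections": c2_connections(events),
        "exfil_from_dropped": exfil_from_dropped(events),
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_EVENTS), indent=2))
```

Against the sample trace, the dropped `svc.exe` (pid 3388, written by WINWORD pid 1204) is the only process reported in all three lists; the Outlook connection on the same port is ignored because the host does not match the config and the process was not dropped. Swap `C2_SMTP` for the host/port of whatever config your own sandbox extracts.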

MITRE ATT&CK Matrix

Tactic columns shown on this page: Collection, Command and Control, Credential Access, Defense Evasion, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation.

Tasks

static1

behavioral2

1/10