General

  • Target

    _Purchase Order copy.7z

  • Size

    1.0MB

  • Sample

    210423-6hkg87sxma

  • MD5

    ca2187e6243fb81d0961a7cf0904ecaf

  • SHA1

    282c9be9de4ced8922d2e5e784784fe0ad61dc9b

  • SHA256

    9fb53efacb972ea3da3460f7985174efc41d3b8e2f4527aecc57c0404bf4e27e

  • SHA512

    e211c7a220b2c4dc16c5969eaf88056dcf74d653332b054f99c6561469cdf2be844d2815150fbe56b0b9902cc29920a15b2b982ad20ba5244fca5cbf92086023

Malware Config

Extracted

  • Family

    agenttesla

  • Credentials

    SMTP account the sample is configured to use for mailing out collected data (AgentTesla's usual exfiltration channel). The host, account name and password are indicators from the sample's own config, not sandbox artefacts.

    Protocol: smtp
    Host: webmail.mdist.us
    Port: 587
    Username: jg@mdist.us
    Password: Jg#4321
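The extracted config above gives a defender two things to hunt for: the exact exfiltration endpoint (webmail.mdist.us on 587, authenticating as jg@mdist.us) and, more generally, a workstation submitting mail directly to an external server instead of the sanctioned relay. The following is an added example, not part of the sandbox report: a small matcher that runs both checks over egress logs. The indicator values are copied from the report; the log lines, their JSON field names (`src`, `dst_host`, `dst_port`, `app`, `auth_user`, `mail_from`) and the `SANCTIONED_RELAYS` set are constructed for the example and are assumptions, not any vendor's or Zeek's schema.

```python
"""Hunt for the AgentTesla SMTP exfiltration config from this report in egress logs.

Added example, not part of the original sandbox report. Indicator values are
taken from the report's extracted config; everything else is constructed.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from typing import List

# Indicators copied from the report's extracted AgentTesla config.
EXFIL_HOST = "webmail.mdist.us"
EXFIL_PORT = 587
EXFIL_USER = "jg@mdist.us"

# Assumption for the generic rule: the only mail relay workstations may use.
# Any SMTP submission elsewhere is worth a look even without a known IOC.
SANCTIONED_RELAYS = {"smtp.corp.example"}
SUBMISSION_PORTS = {25, 465, 587}

# Constructed egress log (JSON lines). The schema is this example's own.
# SMTP flows carry the AUTH user and MAIL FROM observed by the egress proxy.
SAMPLE_LOG = """\
{"ts":"2021-04-23T10:02:11Z","src":"10.20.4.17","dst_host":"smtp.corp.example","dst_port":587,"app":"smtp","auth_user":"alice@corp.example","mail_from":"alice@corp.example"}
{"ts":"2021-04-23T10:03:40Z","src":"10.20.4.31","dst_host":"webmail.mdist.us","dst_port":587,"app":"smtp","auth_user":"jg@mdist.us","mail_from":"jg@mdist.us"}
{"ts":"2021-04-23T10:03:41Z","src":"10.20.4.31","dst_host":"www.example.org","dst_port":443,"app":"tls"}
{"ts":"2021-04-23T10:05:02Z","src":"10.20.4.52","dst_host":"mail.other-provider.test","dst_port":465,"app":"smtp","auth_user":"bob@other-provider.test","mail_from":"bob@other-provider.test"}
"""


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    rule: str
    detail: str


def check_flow(ev: dict) -> List[Alert]:
    """Apply the specific IOC rule and the generic direct-SMTP rule to one flow."""
    alerts: List[Alert] = []
    host = str(ev.get("dst_host", "")).lower()
    port = ev.get("dst_port")
    auth_user = str(ev.get("auth_user", "")).lower()
    mail_from = str(ev.get("mail_from", "")).lower()

    # Rule 1: exact match on the sample's exfiltration endpoint or account.
    if (host == EXFIL_HOST and port == EXFIL_PORT) or EXFIL_USER in (auth_user, mail_from):
        alerts.append(Alert(ev["ts"], ev["src"], "agenttesla_smtp_exfil_ioc",
                            f"{host}:{port} auth={auth_user} from={mail_from}"))

    # Rule 2: SMTP submission to anything other than the sanctioned relay.
    if ev.get("app") == "smtp" and port in SUBMISSION_PORTS and host not in SANCTIONED_RELAYS:
        alerts.append(Alert(ev["ts"], ev["src"], "direct_external_smtp_submission",
                            f"{host}:{port} auth={auth_user}"))
    return alerts


def scan(log_text: str) -> List[Alert]:
    """Parse JSON-lines egress log text and return every alert raised."""
    alerts: List[Alert] = []
    for line in log_text.splitlines():
        if line.strip():
            alerts.extend(check_flow(json.loads(line)))
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f"{alert.ts} {alert.src} {alert.rule}: {alert.detail}")
```

Running it over the constructed log flags 10.20.4.31 on both rules (the report's host, port and account) and 10.20.4.52 on the generic rule alone, while the workstation talking to the sanctioned relay stays quiet. The generic rule is the one that keeps paying off after the actor rotates the mailbox; the IOC rule catches this specific build.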

Targets

    • Target

      Purchase Order copy.exe

    • Size

      1.4MB

    • MD5

      1f78302367062565a269db810ef754c2

    • SHA1

      69e53724804535362ee687bfa37059f965eb7931

    • SHA256

      71e6c949b0e259018b39ad513305c9197afe74c9d68119db8e6e545c74ceedcb

    • SHA512

      874815ad70c20b9e33dd09e2701d5b630c8ecb354d42e3bacf3e9864f752274da3db654d3bd29711a47afa73e7f3203c233fc8f1b2bc404d596537e918a2eb06

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic, then technique (ID) with the number of matching signatures:

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1
    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    System Information Discovery (T1082): 1

Note: IDs are from ATT&CK v6. In current ATT&CK, T1060 has been folded into the sub-technique T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder); map accordingly when correlating with newer reports.

Tasks