General

  • Target

    4HwMTLRFvpnRf2a.exe

  • Size

    2.2MB

  • Sample

    210504-b3x62z7x4s

  • MD5

    ec835ba0c96c625b726e90871fa4408e

  • SHA1

    f4f79d8c5d99dd6435f72bcf9c1d90aab96e47ab

  • SHA256

    6a156918ff4ace56113e28bfc878aab413d3021fc89f0e6dad59744ac25874fe

  • SHA512

    eb40160fc4e8911920e8f0537c38d665eaa644b3d48159e8143b0e6cae076ca3c81aab59c28e3440c052280d5664798db37399e4855a5c82649f0a4c8fd1ee6b

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.fariya.com
  • Port:
    587
  • Username:
    agha@fariya.com
  • Password:
    password2017

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (1) — T1053
  • Persistence: Scheduled Task (1) — T1053
  • Privilege Escalation: Scheduled Task (1) — T1053
  • Discovery: System Information Discovery (1) — T1082

Tasks