General

  • Target

    90dd925b1990f66414717bf179f8c041.exe

  • Size

    940KB

  • Sample

    210721-491wxcq35n

  • MD5

    90dd925b1990f66414717bf179f8c041

  • SHA1

    7dbf76751d6eed6f84a3c17bea67ff8dc1cb3735

  • SHA256

    424c2b2020c57524e9478cc214bd98ec2abee1f3fb2fb7b2db54c5e90f877b18

  • SHA512

    3dfcf2955004657d74e78db86e1c01e1dfba97dcd76b534bd0afbb856f0ee3403a5b281098bbfd025ed99f8025407fb2362e795ad2f07ca905e17d2fbf69ce89

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.hotelharmika.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Playboy007

Targets

    • Target

      90dd925b1990f66414717bf179f8c041.exe

    • Size

      940KB

    • MD5

      90dd925b1990f66414717bf179f8c041

    • SHA1

      7dbf76751d6eed6f84a3c17bea67ff8dc1cb3735

    • SHA256

      424c2b2020c57524e9478cc214bd98ec2abee1f3fb2fb7b2db54c5e90f877b18

    • SHA512

      3dfcf2955004657d74e78db86e1c01e1dfba97dcd76b534bd0afbb856f0ee3403a5b281098bbfd025ed99f8025407fb2362e795ad2f07ca905e17d2fbf69ce89

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks