General

  • Target

    affd8e6bdc328d5db92a6ae4d210f916.exe

  • Size

    1.1MB

  • Sample

    210721-p8qf5tv4hs

  • MD5

    affd8e6bdc328d5db92a6ae4d210f916

  • SHA1

    3abb4b3cb1ad4d12c81d611623973e8401e3e23b

  • SHA256

    04cdbb87050fa773ed542d18c1993851661cdebcd06acb6af05bd9e03d14a1c8

  • SHA512

    a6601b3d1bfa896c9284e35026f032ab2073f855be0e6a1354f1c8c86dff6e0e33c1471f062b81610ffd3e4133806de14edbd17b9e2ea21db424fa8ae10731eb

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    miratechs.gq
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    7213575aceACE@#$

Targets

    • Target

      affd8e6bdc328d5db92a6ae4d210f916.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Drops file in Drivers directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks