Payment $67,830.00.zip

General

Target: Payment $67,830.00.zip
Size: 534KB
Sample: 210722-2r586mgkta
Score: 10/10
MD5: 0c46aa1aef86e22db670991465705b84
SHA1: 3a9469c9c13ccce9ad650c40604efe93da498f1c
SHA256: 9932ebe09d500e0eb67ac036c5917b4ec748171e3063e17735ee27566ff19639
SHA512: cc997714af92b86c030d70e7950132cc86e83e0568a838652067e2d5fcdd18c080bd1e5d1c14598646280e5fe5e862dfd42c9c20a6a9b279f7ff009faced9f5d

Malware Config

Extracted

Family: agenttesla

Credentials

Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: billions101@vivaldi.net
Password: Great#@#$12909()*&^

Targets

Target: Payment $67,830.00.exe
Filesize: 690KB
Score: 10/10
MD5: df77aaa6e3e3aa36d253ef893063452f
SHA1: db0f0750d0bbe620db17a719f74c06746a2e05de
SHA256: 0e50b895ed10c7cc4ecab501bf363451c24b654e3c3da3ef889a6bd13856bd12
SHA512: 1d31dd3e1bb6cc0b2f7b50d592084083fcf4eee05665589216669eb777ae7470f91d0839ae2caba82f84f727ea2218e7860899f1f8023c80e12c7acccbd81106

Signatures

  • AgentTesla

    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Description: Tries to access configuration files associated with programs like FileZilla.

    TTPs:
      • Data from Local System
      • Credentials in Files

  • Reads user/profile data of local email clients

    Description: Email clients store some user data on disk, where infostealers often target it.

    TTPs:
      • Data from Local System
      • Credentials in Files

  • Reads user/profile data of web browsers

    Description: Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    TTPs:
      • Data from Local System
      • Credentials in Files

  • Suspicious use of SetThreadContext
