e33ac82c14447959cb7aed86bd915960

General

Target

e33ac82c14447959cb7aed86bd915960

Size

684KB

Sample

210727-256e7jsmh2

Score

10/10
MD5

e33ac82c14447959cb7aed86bd915960

SHA1

9ea25902ed4f55813ae2708ce237bbf3b89f924a

SHA256

3bcc082fdf8172ec9014d27d75cd67698ac1f27228a698849fad2a56fe94ca0f

SHA512

734cdfefd8e00be8e26f20d8e7fa0a522ddc25cd0fff2528ef283d54a749c5d7ccd415273117bc942cb0927ef2a4cebb42177a0c5f3000287c54f6d290a89091

Malware Config

Extracted

Family agenttesla
Credentials

Protocol: smtp

Host: mail.privateemail.com

Port: 587

Username: ddelande@quadrel-com.icu

Password: snookiep@123
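
The credentials above are the attacker's exfiltration mailbox: Agent Tesla sends stolen data by SMTP to an account the operator controls, so the right use of them is hunting and reporting the mailbox to the provider, not logging in. The script below is an added example, not part of the sandbox report or the malware: it parses the Extracted block exactly as it appears on this page (embedded as a constructed string), validates the fields, and turns them into Suricata rules plus the base64 tokens a cleartext SMTP AUTH LOGIN with these credentials would carry on the wire. The function names, the rule text and the SID range 9000001+ are my own choices.

```python
"""Turn the SMTP config extracted from an Agent Tesla sample into hunting artefacts.

Added example for this report page; not code from the sandbox or from the malware.
"""
import base64
import re

# Constructed input: the "Extracted" block copied from this report page.
EXTRACTED_CONFIG = """
Family agenttesla
Credentials

Protocol: smtp

Host: mail.privateemail.com

Port: 587

Username: ddelande@quadrel-com.icu

Password: snookiep@123
"""

# One "Key: value" field per line; values never contain whitespace in this format.
_FIELD_RE = re.compile(r"^(Protocol|Host|Port|Username|Password):\s*(\S+)\s*$")
_REQUIRED = {"family", "protocol", "host", "port", "username", "password"}


def parse_extracted_config(text: str) -> dict:
    """Parse the sandbox 'Extracted' block into a dict, rejecting incomplete configs."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("family "):
            cfg["family"] = line.split(None, 1)[1].strip().lower()
            continue
        m = _FIELD_RE.match(line)
        if m:
            key, value = m.group(1).lower(), m.group(2)
            cfg[key] = int(value) if key == "port" else value
    missing = _REQUIRED - cfg.keys()
    if missing:
        raise ValueError(f"extracted config incomplete, missing {sorted(missing)}")
    if not 0 < cfg["port"] < 65536:
        raise ValueError(f"implausible port {cfg['port']}")
    if cfg["protocol"].lower() != "smtp":
        raise ValueError(f"expected an smtp exfil config, got {cfg['protocol']}")
    return cfg


def auth_login_tokens(cfg: dict) -> dict:
    """SMTP AUTH LOGIN sends the username and password as two separate base64 lines;
    these are the literal strings a cleartext session would carry on the wire."""
    return {
        "username_b64": base64.b64encode(cfg["username"].encode()).decode(),
        "password_b64": base64.b64encode(cfg["password"].encode()).decode(),
    }


def suricata_rules(cfg: dict, sid_base: int = 9000001) -> list:
    """Emit three Suricata rules: DNS query for the exfil host, TLS SNI for it on the
    configured port, and the base64 username as it appears in a cleartext AUTH LOGIN.
    sid_base is an arbitrary local SID range (assumption); the rule text is my own."""
    host, port, user = cfg["host"], cfg["port"], cfg["username"]
    user_b64 = auth_login_tokens(cfg)["username_b64"]
    return [
        f'alert dns any any -> any any (msg:"AgentTesla exfil host DNS query {host}"; '
        f'dns.query; content:"{host}"; nocase; sid:{sid_base}; rev:1;)',
        f'alert tls any any -> any {port} (msg:"AgentTesla exfil host TLS SNI {host}"; '
        f'tls.sni; content:"{host}"; nocase; sid:{sid_base + 1}; rev:1;)',
        f'alert smtp any any -> any {port} (msg:"AgentTesla SMTP AUTH LOGIN username {user}"; '
        f'content:"{user_b64}"; sid:{sid_base + 2}; rev:1;)',
    ]


def hunting_summary(text: str = EXTRACTED_CONFIG) -> dict:
    """Everything a responder needs from the block: parsed fields, wire tokens, rules."""
    cfg = parse_extracted_config(text)
    return {"config": cfg, "auth_login": auth_login_tokens(cfg), "rules": suricata_rules(cfg)}


if __name__ == "__main__":
    summary = hunting_summary()
    print(summary["config"])
    print(summary["auth_login"])
    print("\n".join(summary["rules"]))
```

One caveat on the third rule: on port 587 most clients, including the .NET mail client Agent Tesla builds on, issue STARTTLS before AUTH, so the base64 username is only visible in a cleartext session or behind TLS inspection. The DNS and SNI rules, and the mail provider's own authentication logs for this account, are the signals to rely on.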

Targets

Signatures

  • AgentTesla

    Description

    Agent Tesla is a .NET information stealer and keylogger, originally written in Visual Basic .NET and commonly classified as a remote access tool (RAT); it exfiltrates harvested credentials and keystrokes over SMTP, FTP or HTTP to operator-controlled infrastructure, which is what the extracted SMTP config above describes.

  • AgentTesla Payload

  • CustAttr .NET packer

    Description

    Detects CustAttr .NET packer in memory.

  • Suspicious use of SetThreadContext

    Description

    SetThreadContext is rarely needed by ordinary programs; injectors call it on the main thread of a suspended child process to redirect execution into an unpacked payload (process hollowing, RunPE-style injection). Seen together with the packer detection above, this is consistent with the loader hollowing a process to run the unpacked Agent Tesla stage.

MITRE ATT&CK Matrix

Tactic columns shown for this sample (no technique entries are present on this page): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation