8a56d6baa1eac6ca6208e74591221cbc

General
Target

8a56d6baa1eac6ca6208e74591221cbc

Size

763KB

Sample

210727-43e4g2k36j

Score
10 /10
MD5

8a56d6baa1eac6ca6208e74591221cbc

SHA1

9f057b5a90fdcee33dc2fa4f8f3424a3345186dd

SHA256

61ee3545921c4ddf2a41826b2425dc43b4902353a01798f5516e9afdf4a10d63

SHA512

7b06328817a158c5131f98211d9db8d24044f84e2bade735343539e57f0aaeeafc8da0fd8402a94e55cd0c31e6ab052c2dc55c274710ec3f26880ad172654597

Malware Config

Extracted

Family agenttesla
Credentials

Protocol: smtp

Host: mail.privateemail.com

Port: 587

Username: chamara.kuruppu@organigram-ca.icu

Password: HELPMEGOD@1321
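The extracted config is enough to write a first detection for this sample's exfiltration channel. The following is an added example, not part of the sandbox report: the IOC values are copied from the config above, while the Zeek-style dns.log/smtp.log records, hosts and IP addresses are constructed. It ranks an SMTP session as a confident match when the attacker's mailbox address appears as sender or recipient, and as a lower-confidence match when the session merely goes to an address that mail.privateemail.com resolved to, since that host is a shared hosted-mail service with many legitimate tenants. A helper also checks a candidate file's digests against the report's hashes.

```python
"""Detections built from the AgentTesla config extracted above.

Added example, not part of the sandbox report. The IOC values are copied from
the report; every log record, IP address and hostname below is constructed.
"""
import hashlib
import json

# Indicators copied verbatim from the "Malware Config" section of the report.
IOC = {
    "smtp_host": "mail.privateemail.com",
    "smtp_port": 587,
    "smtp_user": "chamara.kuruppu@organigram-ca.icu",
    "md5": "8a56d6baa1eac6ca6208e74591221cbc",
    "sha1": "9f057b5a90fdcee33dc2fa4f8f3424a3345186dd",
    "sha256": "61ee3545921c4ddf2a41826b2425dc43b4902353a01798f5516e9afdf4a10d63",
}

# Constructed Zeek-style dns.log records (JSON lines). Addresses are assumptions.
SAMPLE_DNS_LOG = """
{"ts":1627380000.2,"id.orig_h":"10.0.0.15","query":"mail.privateemail.com","answers":["198.51.100.20","198.51.100.21"]}
{"ts":1627380000.5,"id.orig_h":"10.0.0.22","query":"smtp.example.com","answers":["203.0.113.5"]}
"""

# Constructed Zeek-style smtp.log records: one infected host mailing stolen data
# to the attacker's mailbox, one ordinary user, one unrelated tenant of the same
# shared mail provider.
SAMPLE_SMTP_LOG = """
{"ts":1627380001.1,"id.orig_h":"10.0.0.15","id.resp_h":"198.51.100.20","id.resp_p":587,"mailfrom":"<chamara.kuruppu@organigram-ca.icu>","rcptto":["<chamara.kuruppu@organigram-ca.icu>"],"subject":"DESKTOP-1 / user"}
{"ts":1627380002.4,"id.orig_h":"10.0.0.22","id.resp_h":"203.0.113.5","id.resp_p":587,"mailfrom":"<alice@example.com>","rcptto":["<bob@example.com>"],"subject":"Q3 report"}
{"ts":1627380003.9,"id.orig_h":"10.0.0.31","id.resp_h":"198.51.100.21","id.resp_p":587,"mailfrom":"<tenant@example.net>","rcptto":["<someone@example.org>"],"subject":"invoice"}
"""


def parse_records(text):
    """Parse newline-delimited JSON into dicts, ignoring blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def resolved_ips(dns_records, host):
    """Collect the addresses a hostname resolved to, from dns.log answers."""
    ips = set()
    for rec in dns_records:
        if rec.get("query", "").lower() == host.lower():
            ips.update(rec.get("answers", []))
    return ips


def _addr(raw):
    """Normalise an SMTP address as Zeek logs it: '<User@Host>' -> 'user@host'."""
    return raw.strip().strip("<>").lower()


def detect_smtp_exfil(dns_text, smtp_text):
    """Flag SMTP sessions on the C2 port that match the extracted config.

    Severity "high": the session uses the attacker's mailbox address as sender
    or recipient; only the implant knows that account, so this is a confident
    match. Severity "medium": the session goes to an address that
    mail.privateemail.com resolved to. That host is a shared mail service with
    many legitimate tenants, so this alone only warrants triage.
    """
    c2_ips = resolved_ips(parse_records(dns_text), IOC["smtp_host"])
    hits = []
    for rec in parse_records(smtp_text):
        if rec.get("id.resp_p") != IOC["smtp_port"]:
            continue
        addrs = {_addr(rec.get("mailfrom", ""))}
        addrs.update(_addr(r) for r in rec.get("rcptto", []))
        if IOC["smtp_user"] in addrs:
            severity = "high"
        elif rec.get("id.resp_h") in c2_ips:
            severity = "medium"
        else:
            continue
        hits.append({"ts": rec["ts"], "src": rec["id.orig_h"],
                     "dst": rec["id.resp_h"], "severity": severity})
    return hits


def verify_hashes(data):
    """Check whether a candidate file's digests match the report's hashes."""
    return {alg: hashlib.new(alg, data).hexdigest() == IOC[alg]
            for alg in ("md5", "sha1", "sha256")}


if __name__ == "__main__":
    for hit in detect_smtp_exfil(SAMPLE_DNS_LOG, SAMPLE_SMTP_LOG):
        print(hit)
    print(verify_hashes(b"not the sample"))
```

The extracted username and password are indicators for blocking the session and for an abuse report to the mail provider, not credentials to log in with; accessing the attacker's mailbox is unauthorised access regardless of whose data sits in it. Because the implant authenticates as the attacker's account, the sender address is the durable indicator; the provider's IP addresses rotate and are shared with legitimate mail.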

Targets
Target

8a56d6baa1eac6ca6208e74591221cbc

Signatures

  • AgentTesla

    Description

    Agent Tesla is a .NET information stealer and keylogger, originally written in VB.NET and sold as a remote access tool (RAT). It harvests saved credentials from browsers, mail and FTP clients and exfiltrates them to an attacker-controlled mailbox or server; the config extracted above shows this sample using SMTP through mail.privateemail.com on port 587.

  • AgentTesla Payload

  • CustAttr .NET packer

    Description

    Detects the CustAttr .NET packer in memory.

  • Suspicious use of SetThreadContext

    Description

    Calling SetThreadContext on a thread of another process is the usual way a loader redirects execution into an injected payload (process hollowing / RunPE), which fits a packed .NET loader unpacking the AgentTesla payload into a child process.

MITRE ATT&CK Matrix

Tactic columns shown on this page (no technique mappings are listed): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation