General

  • Target

    8a56d6baa1eac6ca6208e74591221cbc

  • Size

    763KB

  • Sample

    210727-43e4g2k36j

  • MD5

    8a56d6baa1eac6ca6208e74591221cbc

  • SHA1

    9f057b5a90fdcee33dc2fa4f8f3424a3345186dd

  • SHA256

    61ee3545921c4ddf2a41826b2425dc43b4902353a01798f5516e9afdf4a10d63

  • SHA512

    7b06328817a158c5131f98211d9db8d24044f84e2bade735343539e57f0aaeeafc8da0fd8402a94e55cd0c31e6ab052c2dc55c274710ec3f26880ad172654597

Malware Config

Extracted

  • Family:
    agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.privateemail.com
  • Port:
    587
  • Username:
    chamara.kuruppu@organigram-ca.icu
  • Password:
    HELPMEGOD@1321

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  Tactic                Technique                      Count  ID
  Execution             Scheduled Task                 1      T1053
  Persistence           Scheduled Task                 1      T1053
  Privilege Escalation  Scheduled Task                 1      T1053
  Discovery             System Information Discovery   1      T1082

Tasks