5814321850515456.zip

General

Target: 5814321850515456.zip
Size: 720KB
Sample: 210727-89my6k3jsa
Score: 10/10
MD5: 4f756ed206b879ea407cb64a80b75508
SHA1: 27bab31ce89dd33fbf633cd7a5bab1fcbb5ac40d
SHA256: d1c3ee4a810f5982b96ee6383971ec82db75285f2f230765dc38690e81029ff1
SHA512: 669cfd7e9d311e31aa0baa92f648d1db12a71868717c260329333956b529ec88d2d7b3646823d1b9a0fdc1511aa980258ebc350066611c756ca97952a0ceab72

Malware Config

Extracted

Family: agenttesla

Credentials
Protocol: ftp
Host: ftp://fashionandsorucing.com/
Port: 21
Username: Farmlogs@fashionandsorucing.com
Password: MNZsxGLNtfYc

Targets

Target: 494edbe20027214460af19f45f052f9ccc54db18f438572ce41d607bffc227c2
Filesize: 1017KB
Score: 10/10
MD5: e2e3079ac8c5cbbcc7073ca306ab42ac
SHA1: 5236549f1fbe0f93f4bde89e6e96a34ff98894c3
SHA256: 494edbe20027214460af19f45f052f9ccc54db18f438572ce41d607bffc227c2
SHA512: 84743366be0864382a0e6ad02a0c6440a31686d50ce1c40f5014e2456c0daaca6a74f8fd28373bd0bb739dacf1f4b8932fad5f18f3554fac67f46bff5c2d9d6c

Signatures

  • AgentTesla
    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactics listed in the report (no techniques are mapped under them on this page):

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation