560748a34effbbf951daf3b8ca24289f

General
Target

560748a34effbbf951daf3b8ca24289f

Size

671KB

Sample

210727-8nx1ytlzqn

Score
10 /10
MD5

560748a34effbbf951daf3b8ca24289f

SHA1

806be19d38b6260b2fc574a990bf146485e44ab9

SHA256

56d24e5d0336a8aefcaab14ba38932966d7f69c46ea874ab8d7565ea6de94a7d

SHA512

2cc73578715f8d107f48a5db6b82b295ff746feb56e1b42f3ec6ac79ca897f96bab1aa1577b72d3fbdb314e474d1316fc3b0dcd721669431bb4c508f05de364b

Malware Config

Extracted

Family agenttesla
Credentials

Protocol: smtp

Host: mail.privateemail.com

Port: 587

Username: chamara.kuruppu@organigram-ca.icu

Password: HELPMEGOD@1321
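The extracted SMTP account is the most specific indicator on this page, so it is worth turning into hunting logic. The following is an added example, not part of the sandbox report and not AgentTesla's own code: it parses the config block above into a typed record, derives the base64 strings that SMTP AUTH LOGIN puts on the wire, and scores constructed connection records against them. The event schema (proc, dst, port, payload), the process names, the MAIL_CLIENTS allowlist and all four sample events are assumptions made for illustration.

```python
"""Turn the SMTP exfil config extracted from this sample into hunting logic.

Added example (not part of the sandbox report or the AgentTesla code base).
The log schema, the process names, the MAIL_CLIENTS allowlist and every
event below are constructed for illustration.
"""
import base64
from dataclasses import dataclass

# Constructed copy of the "Malware Config / Extracted" block from this report.
CONFIG_TEXT = """
Family agenttesla
Credentials
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: chamara.kuruppu@organigram-ca.icu
Password: HELPMEGOD@1321
"""

# Assumed allowlist of processes that legitimately talk to a mail submission port.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


@dataclass(frozen=True)
class ExfilConfig:
    family: str
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> ExfilConfig:
    """Parse the key/value lines of the extracted config into a typed record."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Family "):
            fields["family"] = line.split(" ", 1)[1].strip()
        elif ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip().lower()] = value.strip()
    return ExfilConfig(
        family=fields["family"],
        protocol=fields["protocol"].lower(),
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"],
        password=fields["password"],
    )


def auth_login_tokens(cfg: ExfilConfig) -> dict:
    """SMTP AUTH LOGIN transmits username and password base64-encoded, one per
    line. These are the strings a TLS-terminating proxy or a host agent that
    hooks the mailer would see; on the wire after STARTTLS they are encrypted."""
    return {
        "username_b64": base64.b64encode(cfg.username.encode()).decode(),
        "password_b64": base64.b64encode(cfg.password.encode()).decode(),
        "sender_domain": cfg.username.split("@", 1)[1].lower(),
    }


def classify_event(event: dict, cfg: ExfilConfig) -> str:
    """Score one outbound-connection record (constructed schema: proc, dst, port, payload).

    credential: the AUTH LOGIN blob or plaintext carries the extracted username,
                which ties the traffic to this sample's account.
    host:       traffic to the configured host:port from a non-mail-client process.
                Weaker, because the host is a shared provider with many legitimate tenants.
    none:       everything else.
    """
    tokens = auth_login_tokens(cfg)
    payload = event.get("payload", "")
    if tokens["username_b64"] in payload or cfg.username in payload:
        return "credential"
    same_dst = event.get("dst", "").lower() == cfg.host and int(event.get("port", 0)) == cfg.port
    if same_dst and event.get("proc", "").lower() not in MAIL_CLIENTS:
        return "host"
    return "none"


def sample_events(cfg: ExfilConfig) -> list:
    """Constructed telemetry: one real hit, one benign mail client, one weak hit, one miss."""
    b64_user = auth_login_tokens(cfg)["username_b64"]
    return [
        {"proc": "sample.exe", "dst": "mail.privateemail.com", "port": 587,
         "payload": "EHLO host\r\nAUTH LOGIN\r\n" + b64_user + "\r\n"},
        {"proc": "outlook.exe", "dst": "mail.privateemail.com", "port": 587, "payload": ""},
        {"proc": "sample.exe", "dst": "mail.privateemail.com", "port": 587, "payload": ""},
        {"proc": "sample.exe", "dst": "example.com", "port": 443, "payload": ""},
    ]


def triage(events: list, cfg: ExfilConfig) -> list:
    """Return (process, verdict) pairs for every event."""
    return [(e["proc"], classify_event(e, cfg)) for e in events]


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    for proc, verdict in triage(sample_events(cfg), cfg):
        print(f"{proc:12s} {verdict}")
```

Two caveats drive the scoring. mail.privateemail.com is a shared hosted-mail service used by many legitimate tenants, so host and port alone only flag an unexpected process talking to a submission port; the account name, in plain text or as the base64 token sent during AUTH LOGIN, is what ties traffic to this sample. That token is only observable where TLS is terminated (an inspecting proxy) or from host-side telemetry, since the AUTH exchange on port 587 runs after STARTTLS.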

Targets
Target

560748a34effbbf951daf3b8ca24289f (671KB, score 10/10; MD5, SHA1, SHA256 and SHA512 as listed under General)

Signatures

  • AgentTesla

    Description

    Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests saved credentials and keystrokes and exfiltrates them over SMTP, FTP or HTTP, which matches the SMTP account extracted above.

  • AgentTesla Payload

  • CustAttr .NET packer

    Description

    Detects CustAttr .NET packer in memory.

  • Suspicious use of SetThreadContext

    Description

    SetThreadContext called on a thread of another process is the process-hollowing step in which a loader redirects a suspended child's entry point to an injected image. Together with the in-memory packer and payload hits above, it indicates the packed loader unpacks the AgentTesla payload into a separate process.

MITRE ATT&CK Matrix

Tactic columns on the report: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. No techniques are mapped in this extract.