fa322b962d854050adb6c6546f7aaed5

General

Target: fa322b962d854050adb6c6546f7aaed5
Size: 684KB
Sample: 210727-9r4vtssvye
Score: 10/10
MD5: fa322b962d854050adb6c6546f7aaed5
SHA1: b1c7f9e0cf2d4c99175bc38fb4d12d34858e5bea
SHA256: cd043324499b97f0bfcd00d02c0a094aa6d8f4b33f5cd80d94ebf92445f8dc02
SHA512: 0a128ee744ed52a9a58ea2136b09e18b90f856a19ee4608ac995a49ecee807c7ff3f8a8f2bd0d313d79e43e7cf4ea14aa33f4e2bcfd540e8bd28043633ff4b9d

Malware Config

Extracted

Family: agenttesla
Credentials
  Protocol: smtp
  Host: mail.privateemail.com
  Port: 587
  Username: dutchgardenfoodservices@saleperson.icu
  Password: GOODGOD1234

Signatures

  • AgentTesla
    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • CustAttr .NET packer
    Description: Detects CustAttr .NET packer in memory.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation