General

  • Target

    fa322b962d854050adb6c6546f7aaed5

  • Size

    684KB

  • Sample

    210727-9r4vtssvye

  • MD5

    fa322b962d854050adb6c6546f7aaed5

  • SHA1

    b1c7f9e0cf2d4c99175bc38fb4d12d34858e5bea

  • SHA256

    cd043324499b97f0bfcd00d02c0a094aa6d8f4b33f5cd80d94ebf92445f8dc02

  • SHA512

    0a128ee744ed52a9a58ea2136b09e18b90f856a19ee4608ac995a49ecee807c7ff3f8a8f2bd0d313d79e43e7cf4ea14aa33f4e2bcfd540e8bd28043633ff4b9d

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.privateemail.com
  • Port:
    587
  • Username:
    dutchgardenfoodservices@saleperson.icu
  • Password:
    GOODGOD1234
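The extracted configuration above is the operational takeaway of this report: the sample exfiltrates over SMTP submission (port 587) to mail.privateemail.com, authenticating as the attacker mailbox. The block below is an added example (not part of the sandbox report) showing how to turn that config into detection indicators and run them over Zeek-style JSON logs. The password is deliberately omitted from the indicators. Assumptions: records carry a `_path` field naming the log (as Zeek's json-streaming-logs output does) and use Zeek's smtp.log and dns.log field names; the log records are constructed for the example, not captured from the sample.

```python
"""Indicator extraction and log matching for the AgentTesla SMTP exfil config
in this report. Added example; the log records below are constructed."""
from __future__ import annotations

# Values taken from the "Malware Config" section of the report. The password is
# left out on purpose: detection does not need it and it should not be copied
# into detection content.
AGENTTESLA_CONFIG = {
    "protocol": "smtp",
    "host": "mail.privateemail.com",
    "port": 587,
    "username": "dutchgardenfoodservices@saleperson.icu",
}


def indicators(cfg: dict) -> dict:
    """Derive case-normalised observables from the extracted config."""
    user = cfg["username"].lower()
    return {
        "smtp_host": cfg["host"].lower(),
        "smtp_port": int(cfg["port"]),
        "mailbox": user,
        "mailbox_domain": user.split("@", 1)[1],
    }


def _addr(raw: str | None) -> str:
    """Normalise a MAIL FROM / RCPT TO argument such as '<a@b.c>' to 'a@b.c'."""
    return (raw or "").strip().strip("<>").lower()


def match_record(rec: dict, ioc: dict) -> list[str]:
    """Return the indicator names hit by one Zeek-style JSON log record.

    Assumes (hypothetical for this example) a '_path' field naming the log and
    Zeek's smtp.log / dns.log field names: id.resp_p, mailfrom, rcptto, query.
    """
    hits: list[str] = []
    path = rec.get("_path")
    if path == "dns" and rec.get("query", "").lower() == ioc["smtp_host"]:
        hits.append("dns:smtp_host")
    if path == "smtp":
        if rec.get("id.resp_p") == ioc["smtp_port"]:
            hits.append("smtp:port")
        addrs = [_addr(rec.get("mailfrom"))] + [_addr(r) for r in rec.get("rcptto", [])]
        if ioc["mailbox"] in addrs:
            hits.append("smtp:mailbox")
        elif any(a.endswith("@" + ioc["mailbox_domain"]) for a in addrs if a):
            hits.append("smtp:mailbox_domain")
    # Port alone is not an indicator: 587 is ordinary mail submission traffic.
    if hits == ["smtp:port"]:
        return []
    return hits


def scan(records: list[dict], cfg: dict = AGENTTESLA_CONFIG) -> list[tuple[str, list[str]]]:
    """Return (uid, hits) for every record that matches at least one indicator."""
    ioc = indicators(cfg)
    out: list[tuple[str, list[str]]] = []
    for rec in records:
        hits = match_record(rec, ioc)
        if hits:
            out.append((rec.get("uid", "?"), hits))
    return out


# Constructed records in Zeek JSON shape: a DNS lookup of the exfil server, a
# submission using the attacker mailbox, and a benign submission on the same
# port that must not alert.
CONSTRUCTED_RECORDS = [
    {"_path": "dns", "uid": "CdnsA1", "id.orig_h": "10.0.0.25",
     "query": "mail.privateemail.com", "qtype_name": "A"},
    {"_path": "smtp", "uid": "CsmtpB2", "id.orig_h": "10.0.0.25",
     "id.resp_h": "198.51.100.7", "id.resp_p": 587,
     "mailfrom": "<dutchgardenfoodservices@saleperson.icu>",
     "rcptto": ["<dutchgardenfoodservices@saleperson.icu>"], "tls": True},
    {"_path": "smtp", "uid": "CsmtpC3", "id.orig_h": "10.0.0.31",
     "id.resp_h": "203.0.113.9", "id.resp_p": 587,
     "mailfrom": "<alice@example.com>", "rcptto": ["<bob@example.org>"], "tls": True},
]

if __name__ == "__main__":
    for uid, hits in scan(CONSTRUCTED_RECORDS):
        print(uid, hits)
```

Matching on the mailbox and its domain rather than only on the server is deliberate: mail.privateemail.com is a shared commercial mail host, so a hit on the hostname alone is weaker evidence than a submission that authenticates as, or sends to, the attacker-controlled address.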

Targets

    • Target

      fa322b962d854050adb6c6546f7aaed5

    • Size

      684KB

    • MD5

      fa322b962d854050adb6c6546f7aaed5

    • SHA1

      b1c7f9e0cf2d4c99175bc38fb4d12d34858e5bea

    • SHA256

      cd043324499b97f0bfcd00d02c0a094aa6d8f4b33f5cd80d94ebf92445f8dc02

    • SHA512

      0a128ee744ed52a9a58ea2136b09e18b90f856a19ee4608ac995a49ecee807c7ff3f8a8f2bd0d313d79e43e7cf4ea14aa33f4e2bcfd540e8bd28043633ff4b9d

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET. This sample exfiltrates collected data over SMTP using the credentials extracted above.

    • AgentTesla Payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is a common step in process hollowing and related injection into a suspended process.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task, T1053 (1)
  • Persistence: Scheduled Task, T1053 (1)
  • Privilege Escalation: Scheduled Task, T1053 (1)
  • Discovery: System Information Discovery, T1082 (1)

Tasks