EPRD-ES210001A URGENT RFQ.doc

General

Target: EPRD-ES210001A URGENT RFQ.doc
Size: 3KB
Sample: 210727-9t1mq65qa2
Score: 10/10
MD5: 385d9d7dce288d12688ad65b0c262f0b
SHA1: abb40f1e00da3e6613d81c54d8f995e57b5f27ea
SHA256: 147ff22bdcef3aa73f1f3231fd85310f55b02535f2921db4e39dc84954f4faae
SHA512: ae14956a5bf0b32150f8efc24c144be1bac63eba62096c8a323e055683c325416583e9374ff4375f564a5803a1417f389815f25c0bc0fd5494021a91fd543807

Malware Config

Extracted

Family: agenttesla

Credentials

Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: chamara.kuruppu@organigram-ca.icu
Password: HELPMEGOD@1321

These are the attacker's exfiltration mailbox credentials: the sample authenticates to this account to send the data it steals, so they describe the operator's infrastructure rather than a victim. Note that mail.privateemail.com is a shared mail-provider hostname that legitimate clients also use; the username, and its domain organigram-ca.icu, is the specific indicator to pivot on.
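As an added example (not part of the sandbox report or its tooling), the script below takes the Credentials block exactly as the page prints it, parses it, and turns it into hunt artifacts: the SASL tokens these credentials produce on the wire (AUTH LOGIN sends the base64 username as a bare line; AUTH PLAIN sends base64 of NUL-user-NUL-password per RFC 4616), which is what you search for in a PCAP or in the provider's submission logs, plus three Suricata rules of decreasing breadth. The input block is copied from the report; the function names, the sid range 1000001-1000003 and the msg strings are assumptions, and the rules use Suricata 5+ keyword syntax (dns.query, tls.sni).

```python
"""Turn the SMTP exfiltration config extracted from an AgentTesla sample into hunt
artifacts: the SASL tokens it would put on the wire and a few Suricata rules.

Added example, not the sandbox report's own tooling.
"""
import base64
from typing import Dict, List

# Constructed input: the "Malware Config / Credentials" block copied in the
# key/value layout the report page uses (blank lines between fields).
REPORT_CONFIG = """\
Protocol: smtp

Host: mail.privateemail.com

Port: 587

Username: chamara.kuruppu@organigram-ca.icu

Password: HELPMEGOD@1321
"""


def parse_config(text: str) -> Dict[str, str]:
    """Parse 'Key: value' lines into a dict with lower-cased keys; blank lines are skipped.

    partition() on the first colon keeps values that themselves contain ':' intact
    (a password, or a host:port written as one field)."""
    cfg: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        cfg[key.strip().lower()] = value.strip()
    return cfg


def sasl_login_username(username: str) -> str:
    """Username as the client sends it in SMTP AUTH LOGIN: a bare base64 line."""
    return base64.b64encode(username.encode("utf-8")).decode("ascii")


def sasl_plain_token(username: str, password: str) -> bytes:
    """AUTH PLAIN message (RFC 4616): authzid NUL authcid NUL password, authzid empty.
    Returns the raw bytes; base64 of this is what appears on the wire."""
    return b"\x00" + username.encode("utf-8") + b"\x00" + password.encode("utf-8")


def suricata_rules(cfg: Dict[str, str], sid_base: int = 1000001) -> List[str]:
    """Three rules of decreasing breadth. sids and msgs are assumptions; fit them to your ruleset."""
    host, port, user = cfg["host"], cfg["port"], cfg["username"]
    b64_user = sasl_login_username(user)
    return [
        # DNS lookup of the exfil mail host. Low fidelity on its own: this is a
        # shared provider hostname, so legitimate clients resolve it too.
        (f'alert dns any any -> any any (msg:"AgentTesla exfil host lookup {host}"; '
         f'dns.query; content:"{host}"; nocase; sid:{sid_base}; rev:1;)'),
        # TLS SNI on the submission port after STARTTLS. Same caveat as the DNS rule,
        # but it at least ties the name to an actual mail-submission connection.
        (f'alert tls any any -> any {port} (msg:"AgentTesla exfil host SNI {host}"; '
         f'tls.sni; content:"{host}"; nocase; sid:{sid_base + 1}; rev:1;)'),
        # Cleartext AUTH LOGIN with the attacker's mailbox. High fidelity, but it only
        # fires if the sample authenticates without STARTTLS; with STARTTLS the AUTH
        # exchange is encrypted and this content match never sees it.
        (f'alert smtp any any -> any {port} (msg:"AgentTesla SMTP AUTH LOGIN as {user}"; '
         f'flow:established,to_server; content:"{b64_user}"; sid:{sid_base + 2}; rev:1;)'),
    ]


def build_artifacts(text: str) -> Dict[str, object]:
    """One-call wrapper: parse the block and return the wire tokens plus the rules."""
    cfg = parse_config(text)
    return {
        "config": cfg,
        "auth_login_username_b64": sasl_login_username(cfg["username"]),
        "auth_plain_b64": base64.b64encode(
            sasl_plain_token(cfg["username"], cfg["password"])).decode("ascii"),
        "suricata_rules": suricata_rules(cfg),
    }


if __name__ == "__main__":
    artifacts = build_artifacts(REPORT_CONFIG)
    print("AUTH LOGIN username token:", artifacts["auth_login_username_b64"])
    print("AUTH PLAIN token         :", artifacts["auth_plain_b64"])
    for rule in artifacts["suricata_rules"]:
        print(rule)
```

The report does not say whether this sample negotiates STARTTLS on port 587, so deploy the third rule as a bonus rather than the primary detection; the DNS and SNI rules are the ones that fire either way, and both need the username or domain from the config (or a host-based signal such as a non-mail process opening port 587) to be worth an analyst's time.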

Targets

Target: EPRD-ES210001A URGENT RFQ.doc (3KB, score 10/10; MD5, SHA1, SHA256 and SHA512 identical to the General section above)

Signatures

  • AgentTesla
    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic (.NET).
  • suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
  • AgentTesla Payload
  • CustAttr .NET packer
    Description: Detects the CustAttr .NET packer in memory.
  • Blocklisted process makes network request
  • Downloads MZ/PE file
  • Executes dropped EXE
  • Loads dropped DLL
  • Suspicious use of SetThreadContext

Read together, the behavioural hits match the chain the suricata hit implies: the document fetches a PE over the network, runs it, and the SetThreadContext use is consistent with that stage injecting the unpacked AgentTesla payload into another process (RunPE-style process hollowing) rather than running it directly.

Related Tasks

MITRE ATT&CK Matrix (tactic headers only; no technique cells survive on the page): Collection, Command and Control, Credential Access, Defense Evasion, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral2
1/10