$35@@#.exe

General
Target

$35@@#.exe

Size

516KB

Sample

210727-fp2698387s

Score
10 /10
MD5

fe61f0a471b697d0c381c64eddf3649c

SHA1

bb8575caccc983a10f86de8c86e5e6598b993b27

SHA256

412991e242a1a3b4325e9d22e9158880214f13fd0db68c8509fab47d4f09c9d5

SHA512

6b279820631cd2d86d4e545a18b9dd1cedf81bfe921fbcddb8c042a9f64e2883c75acae047f770e15e4d01d0524f0d6de16de8dcf44428e06b382cfb138f78d0

Malware Config

Extracted

Family agenttesla
C2

https://api.telegram.org/bot1815802853:AAFwTZ6mRU-UOmcTcCR8glZAAkNmzHpMkL8/sendDocument

Signatures

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Description

    Tries to access configuration files associated with programs like FileZilla.

    TTPs

    Data from Local System; Credentials in Files
  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk where infostealers will often target it.

    TTPs

    Data from Local System; Credentials in Files
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System; Credentials in Files
  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder; Modify Registry
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation