ea4d96f213ca97ecc5dcbffe408ff2bf

General

Target: ea4d96f213ca97ecc5dcbffe408ff2bf
Size: 645KB
Sample: 210727-j8gawecvta
Score: 10/10
MD5: ea4d96f213ca97ecc5dcbffe408ff2bf
SHA1: 3b3cbeb4060970f0d349e6ec37a20cf1285800b7
SHA256: aa49a468dd184ec1ee4b126823e7c3dec0539e75b0736b6f2a24116fc33badb9
SHA512: ee8d48cef141b8b3ce84779eab1686ec474b0bcd786579c4494eb7ac9a0e4d868570499de735f2b300b76973e2cb5a06c1bd1f1645c4b2ea86a6731c2a5a7338

Malware Config

Extracted

Family: agenttesla

Credentials
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: max.mccanna@metaltek.me
Password: GODGRACE12345

Signatures

  • AgentTesla
    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • CustAttr .NET packer
    Description: Detects CustAttr .NET packer in memory.

  • Suspicious use of SetThreadContext
