fda.exe

General
Target

fda.exe

Size

909KB

Sample

210727-r9bs1ry8ej

Score

10/10

MD5

9988685bdb69c34939c270df2eff6d47

SHA1

b4aa67fe963f14a8ac6220d8953960a86d7bcdd1

SHA256

f367ab08d8884ebda2ca7101fa509d1216f66c9e788d1b729ce605959f2f57ca

SHA512

c535fec6cffebc266858e46d6ef8b6405a2ac9e50d946d40faf64131eb866611d32b1d9906c70923f075d00e2e88c74afb284d198277c4ef0abaaa24ff9ded7b

Malware Config

Extracted

Family agenttesla
Credentials

Protocol: smtp

Host: smtp.vivaldi.net

Port: 587

Username: faithkingsley@vivaldi.net

Password: kingsofkings123

Targets
Signatures

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Drops file in Drivers directory

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder
    Modify Registry

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Privilege Escalation