PRINT.doc

General

Target: PRINT.doc
Size: 3KB
Sample: 210727-sja5akvxlx
Score: 10/10
MD5: 66dd7813d08a65abe076c78f3b2e2699
SHA1: cd2a9026496865e395723ccb68a39fabeed06f2c
SHA256: c1a3563931fa2243d1ebb352779d3d94869ee26a38c87c257c2a02022845986a
SHA512: 68cd37dab8b5c57ee6552671fda211f6f8f120024f6ad4a21462e1e9b5114091a4ef39cf1359eb0c76d69c58e2c02cba0055868a2b13b48267f392db750e96ac

Malware Config

Extracted

Family: agenttesla

Credentials (SMTP exfiltration account recovered from the sample's configuration)

Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: chamara.kuruppu@organigram-ca.icu
Password: HELPMEGOD@1321

Targets

Target: PRINT.doc (same file and hashes as listed under General above)
Signatures

  • AgentTesla: Agent Tesla is a .NET remote access tool (RAT) and information stealer, written in Visual Basic (.NET).

  • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

  • AgentTesla Payload

  • CustAttr .NET packer: detects the CustAttr .NET packer in memory.

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext
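The report gives two things a defender can act on directly: the file hashes, and the SMTP account the sample uses to exfiltrate stolen credentials (host mail.privateemail.com, port 587, the username above). The script below is an added example, not part of the sandbox report, that turns those values into IOC checks and runs them over a few constructed log lines. The key=value log format, the regular expression approximating the "terse alphanumeric executable downloader" heuristic, and the set of Office processes treated as "blocklisted" for network requests are assumptions made for the example, not the rules the sandbox or Suricata actually use.

```python
import hashlib
import re

# IOCs copied from the report above (real values from the sandbox output).
SAMPLE_HASHES = {
    "md5": "66dd7813d08a65abe076c78f3b2e2699",
    "sha1": "cd2a9026496865e395723ccb68a39fabeed06f2c",
    "sha256": "c1a3563931fa2243d1ebb352779d3d94869ee26a38c87c257c2a02022845986a",
}
EXFIL_HOST = "mail.privateemail.com"
EXFIL_PORT = 587
EXFIL_USER = "chamara.kuruppu@organigram-ca.icu"

# Assumption: approximate the Suricata "terse alphanumeric executable downloader"
# signature as a request for a short, purely alphanumeric .exe file name.
TERSE_EXE = re.compile(r"^/[A-Za-z0-9]{1,8}\.exe$", re.IGNORECASE)

# Assumption: Office processes that should never be the client of an HTTP
# download or an SMTP session on an endpoint.
OFFICE_PROCS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "EQNEDT32.EXE"}


def hash_matches(data: bytes) -> dict:
    """Compare the MD5/SHA1/SHA256 of *data* against the report's hashes."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == expected
        for algo, expected in SAMPLE_HASHES.items()
    }


def parse_line(line: str) -> dict:
    """Parse a constructed 'key=value key=value ...' log line into a dict."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def classify(event: dict) -> list:
    """Return the reasons a single parsed event should be flagged (may be empty)."""
    reasons = []
    kind = event.get("kind")
    proc = event.get("proc", "").upper()
    if kind == "http" and TERSE_EXE.match(event.get("uri", "")):
        reasons.append("terse alphanumeric executable download")
    if kind == "smtp":
        if event.get("dst") == EXFIL_HOST and event.get("dport") == str(EXFIL_PORT):
            reasons.append("SMTP session to AgentTesla exfil host")
            if event.get("auth") == EXFIL_USER:
                reasons.append("AUTH with extracted AgentTesla username")
    if kind in ("http", "smtp") and proc in OFFICE_PROCS:
        reasons.append(f"network request from blocklisted process {proc}")
    return reasons


def scan(lines) -> list:
    """Run classify() over every log line; return (line_no, reasons) for hits."""
    hits = []
    for n, line in enumerate(lines, 1):
        reasons = classify(parse_line(line))
        if reasons:
            hits.append((n, reasons))
    return hits


# Constructed sample log lines (not from the report). 198.51.100.7 is a
# TEST-NET-2 address; "dropped.exe" stands in for the dropped payload process.
SAMPLE_LOG = [
    "kind=http proc=WINWORD.EXE src=10.0.0.5 dst=198.51.100.7 uri=/q7x2.exe",
    "kind=http proc=chrome.exe src=10.0.0.5 dst=198.51.100.7 uri=/static/app.js",
    "kind=smtp proc=dropped.exe src=10.0.0.5 dst=mail.privateemail.com dport=587 "
    "auth=chamara.kuruppu@organigram-ca.icu",
    "kind=smtp proc=outlook.exe src=10.0.0.6 dst=smtp.example.org dport=587 "
    "auth=alice@example.org",
]

if __name__ == "__main__":
    for n, reasons in scan(SAMPLE_LOG):
        print(f"line {n}: " + "; ".join(reasons))
```

The SMTP check is the most durable of the three: the mail host and username come straight from the extracted configuration, so any AUTH with that account from inside the network is a high-confidence indicator regardless of which process the payload injected into. The hash check only catches this exact 3KB document, and the terse-filename regex is a heuristic that will need tuning against real proxy logs.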

MITRE ATT&CK Matrix

Tactic columns shown in the report (no techniques are populated): Collection, Command and Control, Credential Access, Defense Evasion, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks: static1, behavioral2 (1/10)