0c46c876f6b444739b4f4cbf6fc9a2f5

General

Target: 0c46c876f6b444739b4f4cbf6fc9a2f5
Size: 683KB
Sample: 210727-vv2wskjjzx
Score: 10/10
MD5: 0c46c876f6b444739b4f4cbf6fc9a2f5
SHA1: e241ae919b6554eb5c556a88ca2d7ca2eeb4ff98
SHA256: 1fce43899f8b6267ca55c5f4ad85a48a191f130d936dabeae013f5d626068ece
SHA512: fc2b4820ceb210ca4d210209157468f6437564edf50b1341524d428efcf18ec9a5ac3064e4af443ed3d68786260bce56f130ca082c730ba4c5536956aa0eae45

Malware Config

Extracted

Family: agenttesla

Credentials

Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: davide.montorro@arss-it.me
Password: HOPEFULYETLost@1989

Signatures

  • AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • CustAttr .NET packer: Detects CustAttr .NET packer in memory.

  • Suspicious use of SetThreadContext