fda.exe

General

Target: fda.exe
Size: 840KB
Sample: 210727-vvv3rh8na2
Score: 10/10
MD5: 8222e7bd5783b30d0a64b6f9e1aec2ab
SHA1: f8a8ba5d2dcffffe488c345134e324c97652d000
SHA256: d19edc2ae1e9d8c99b477c45960499e400afaad377a85475af9eebfc752cecd0
SHA512: e48b583915e4102173de672435af083ede63979030358dc60976f418ea0f860621c9d618733f694c8fd6e1bba6f8406ce587db4548262e0cac98e9cef67ed56a

Malware Config

Extracted

Family: agenttesla
Credentials (the sample's outbound SMTP account, used to send collected data; treat as attacker-controlled indicators, not victim credentials):
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: faithkingsley@vivaldi.net
Password: kingsofkings123

Targets

Target: fda.exe (840KB, score 10/10; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures

  • AgentTesla
    Description: Agent Tesla is a .NET (VB.NET) based information stealer and remote access tool (RAT); this sample is configured to exfiltrate over SMTP (see Malware Config).
  • AgentTesla Payload
  • Drops file in Drivers directory
  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder (T1547.001); Modify Registry (T1112)
  • Suspicious use of SetThreadContext (typically indicates code injection such as process hollowing into another process)
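The signatures above and the SMTP host from Malware Config can be turned into host-telemetry checks. The following is an added example, not part of the sandbox report: it runs three rules (Run-key persistence, file drop under the Drivers directory, SMTP from a non-mail process or to the configured exfil host) over constructed Sysmon-style events. The event records, paths, SID and the mail-client allowlist are assumptions; only the host smtp.vivaldi.net and the behaviours come from the report.

```python
"""Detection checks for the behaviours this report attributes to fda.exe.

Added example, not part of the sandbox report. Events are constructed and
modelled on Sysmon EID 3 (network), 11 (file create) and 13 (registry value
set); the field names follow Sysmon's but the records are hypothetical.
"""
from typing import Dict, List, Tuple

Event = Dict[str, object]

# From the report's extracted config: the SMTP host the sample sends to.
EXFIL_HOSTS = {"smtp.vivaldi.net"}
SMTP_PORTS = {25, 465, 587}
# Processes allowed to speak SMTP on a workstation (assumed allowlist).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

RUN_KEY_MARKERS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)
DRIVERS_MARKER = "\\windows\\system32\\drivers\\"


def image_name(event: Event) -> str:
    """Basename of the acting process, lower-cased for comparison."""
    return str(event.get("Image", "")).rsplit("\\", 1)[-1].lower()


def detect_run_key(event: Event) -> bool:
    """EID 13: a value written under a Run/RunOnce key (T1547.001)."""
    target = str(event.get("TargetObject", "")).lower()
    return event.get("EventID") == 13 and any(m in target for m in RUN_KEY_MARKERS)


def detect_drivers_drop(event: Event) -> bool:
    """EID 11: a file created below the Drivers directory."""
    path = str(event.get("TargetFilename", "")).lower()
    return event.get("EventID") == 11 and DRIVERS_MARKER in path


def detect_smtp_exfil(event: Event) -> bool:
    """EID 3: any connection to the configured exfil host, or SMTP from a
    process that is not a known mail client."""
    if event.get("EventID") != 3:
        return False
    host = str(event.get("DestinationHostname", "")).lower()
    port = int(event.get("DestinationPort", 0))
    if host in EXFIL_HOSTS:
        return True
    return port in SMTP_PORTS and image_name(event) not in MAIL_CLIENTS


# "Suspicious use of SetThreadContext" has no Sysmon equivalent: it needs
# API-level telemetry (sandbox hooks or EDR), so no rule is written for it.
RULES = {
    "run_key_persistence": detect_run_key,
    "file_dropped_in_drivers_dir": detect_drivers_drop,
    "smtp_exfiltration": detect_smtp_exfil,
}


def scan(events: List[Event]) -> List[Tuple[str, str]]:
    """Return (rule name, process basename) for every event a rule matches."""
    findings: List[Tuple[str, str]] = []
    for event in events:
        for name, rule in RULES.items():
            if rule(event):
                findings.append((name, image_name(event)))
    return findings


# Constructed sample telemetry (hypothetical paths and SID, not from the run).
SAMPLE_EVENTS: List[Event] = [
    {"EventID": 13, "Image": r"C:\Users\victim\Downloads\fda.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\fda",
     "Details": r"C:\Users\victim\AppData\Roaming\fda.exe"},
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\fda.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\sample.dat"},
    {"EventID": 3, "Image": r"C:\Users\victim\Downloads\fda.exe",
     "DestinationHostname": "smtp.vivaldi.net", "DestinationPort": 587},
    # Benign: a mail client using SMTP submission.
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\Office16\OUTLOOK.EXE",
     "DestinationHostname": "mail.example.com", "DestinationPort": 587},
    # Benign: a registry write outside the Run keys.
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for rule_name, image in scan(SAMPLE_EVENTS):
        print(f"{rule_name}: {image}")
```

The SMTP rule deliberately fires on the configured host regardless of the source process, because injected payloads often run inside a benign-looking host process; the port-based branch is what catches a fresh sample whose drop account is not yet known.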

MITRE ATT&CK Matrix (tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation; the techniques mapped for this sample are the TTPs listed under Signatures)