WELDED PIPES INDENT NO. 2122000642.doc

General

Target: WELDED PIPES INDENT NO. 2122000642.doc
Size: 4KB
Sample: 210727-xnczj67t46
Score: 10/10
MD5: 5c0bc7c7186ad3356a5f3b8d2134e023
SHA1: a4bab1a1edea203951480df4c7b94ff940561f34
SHA256: 95cd0e8151fd80f473f886e8c9aa98ce10d3608a8ac9542d848634a3e0f80064
SHA512: e6ddfdf9e42836675d3e7f8c2f310e74a3765f708b0d70f84c9f3ad0ee683dc249911cab0cc2162e8028ef832afe6dc4ca106cb9feff4d445140fa9fb23ce970

Malware Config

Extracted
Family: agenttesla
Credentials
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: davide.montorro@arss-it.me
Password: HOPEFULYETLost@1989
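As an added example (not part of the sandbox report and not vendor tooling): the extracted SMTP configuration above is the most actionable part of this report, and the script below turns it into hunting artefacts. It flattens the report fields into IOC pairs and runs two rules over endpoint network telemetry: an exact match on the C2 host and port, and a broader rule for SMTP submission from a process that is not a mail client, because the mailbox and host are trivially swapped between builds while the SMTP exfil mechanism is not. The log lines and the MAIL_CLIENTS allowlist are constructed for the example; the hashes, host, port and username are copied from the report, and the exfil password is deliberately not embedded.

```python
"""Turn the report's extracted AgentTesla SMTP config into IOCs and run
two detection rules over constructed endpoint network telemetry.
Added example; report fields are copied from the page, the log lines and
the MAIL_CLIENTS allowlist are assumptions."""
import csv
import io
from dataclasses import dataclass

# Values copied from the sandbox report (password intentionally omitted).
REPORT = {
    "family": "agenttesla",
    "md5": "5c0bc7c7186ad3356a5f3b8d2134e023",
    "sha256": "95cd0e8151fd80f473f886e8c9aa98ce10d3608a8ac9542d848634a3e0f80064",
    "c2": {
        "protocol": "smtp",
        "host": "mail.privateemail.com",
        "port": 587,
        "username": "davide.montorro@arss-it.me",
    },
}

# Processes that legitimately speak SMTP submission in this fleet (assumption).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Ports used for SMTP submission / relay (standard: 25, 465, 587).
SMTP_PORTS = {25, 465, 587}


def iocs_from_report(report):
    """Flatten the report into (type, value) pairs for a blocklist or STIX bundle."""
    c2 = report["c2"]
    return [
        ("md5", report["md5"]),
        ("sha256", report["sha256"]),
        ("domain", c2["host"]),
        ("socket", f"{c2['host']}:{c2['port']}"),
        ("email-addr", c2["username"]),
    ]


@dataclass
class Alert:
    ts: str
    dst_host: str
    process: str
    reason: str


def detect_smtp_exfil(log_text, report, mail_clients=MAIL_CLIENTS):
    """Flag network events that match the extracted exfil channel.

    Rule 1: any connection to the report's C2 host:port (exact IOC match).
    Rule 2: SMTP submission from a process that is not an allowed mail
            client, so a rebuilt sample with a new mailbox still trips it.
    Input is CSV with columns ts,src_ip,dst_host,dst_port,process.
    """
    c2 = report["c2"]
    alerts = []
    for row in csv.DictReader(io.StringIO(log_text)):
        dst = row["dst_host"].strip().lower()
        port = int(row["dst_port"])
        proc = row["process"].strip().lower()
        if dst == c2["host"] and port == c2["port"]:
            alerts.append(Alert(row["ts"], dst, proc, "known AgentTesla exfil host:port"))
        elif port in SMTP_PORTS and proc not in mail_clients:
            alerts.append(Alert(row["ts"], dst, proc, "SMTP from non-mail-client process"))
    return alerts


# Constructed telemetry, not taken from the sandbox run; process names are made up.
SAMPLE_LOG = """ts,src_ip,dst_host,dst_port,process
2021-07-27T10:01:02Z,10.0.0.12,mail.privateemail.com,587,update.exe
2021-07-27T10:01:05Z,10.0.0.12,smtp.office365.com,587,outlook.exe
2021-07-27T10:02:11Z,10.0.0.15,smtp.gmail.com,465,powershell.exe
2021-07-27T10:03:00Z,10.0.0.15,example.com,443,chrome.exe
"""

if __name__ == "__main__":
    for kind, value in iocs_from_report(REPORT):
        print(f"{kind:10} {value}")
    for a in detect_smtp_exfil(SAMPLE_LOG, REPORT):
        print(f"ALERT {a.ts} {a.process} -> {a.dst_host}:{a.reason}")
```

On the constructed log the first rule fires once (the exact exfil socket) and the second rule fires once (powershell.exe talking to an SMTPS port); the Outlook and HTTPS rows are left alone. The second rule is the one worth keeping after this specific mailbox is reported and disabled.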

Targets

Target: WELDED PIPES INDENT NO. 2122000642.doc
Filesize: 4KB
Score: 10/10
MD5: 5c0bc7c7186ad3356a5f3b8d2134e023
SHA1: a4bab1a1edea203951480df4c7b94ff940561f34
SHA256: 95cd0e8151fd80f473f886e8c9aa98ce10d3608a8ac9542d848634a3e0f80064
SHA512: e6ddfdf9e42836675d3e7f8c2f310e74a3765f708b0d70f84c9f3ad0ee683dc249911cab0cc2162e8028ef832afe6dc4ca106cb9feff4d445140fa9fb23ce970

Signatures

  • AgentTesla
    Description: Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer (originally written in VB.NET); this run extracted its SMTP exfiltration configuration (see Malware Config above).
  • AgentTesla Payload
  • CustAttr .NET packer
    Description: Detects the CustAttr .NET packer in memory.
  • Blocklisted process makes network request
  • Downloads MZ/PE file
    (The 4 KB .doc is only the first stage; the AgentTesla executable is fetched over the network, so the document's hashes alone do not identify the payload.)
  • Executes dropped EXE
  • Loads dropped DLL
  • Suspicious use of SetThreadContext
    (SetThreadContext on another process's thread is the classic step of process hollowing / thread hijacking, consistent with the payload running inside a different process image.)


MITRE ATT&CK Matrix
Tactic columns present in the report (technique cells did not survive extraction): Collection, Command and Control, Credential Access, Defense Evasion, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks
static1
behavioral2
1/10