General

Target: PO NO. P0008005.exe
Size: 8KB
Sample: 210817-c7rr51256x
Score: 10/10
MD5: 1e621a8a257d325510d24f67ce352123
SHA1: f32e0824226e0e9d387f56c3f05f3d64481005dd
SHA256: 12a978875dc90e03cbb76d024222abfdc8296ed675fca2e17ca6447ce7bf0080
SHA512: 29a310a4d3cb27dedd7d2737e9585ae82b5b2cd647b15a62253e6ddcad9ea97a1170cb9f1a87042fdba351591f1c3a9aac6d2e9d4aef21d0b10a9bdfbebbde92

Malware Config

Extracted

Family: agenttesla

Credentials

Protocol: ftp
Host: ftp://ftp.avatar.ps/
Port: 21
Username: loggid@avatar.ps
Password: tpe2zfF]j0Xc

Targets

Target: PO NO. P0008005.exe (same file, size, score and hashes as listed under General above)

Signatures

  • AgentTesla

    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Downloads MZ/PE file

  • Reads data files stored by FTP clients

    Description: Tries to access configuration files associated with programs like FileZilla.

    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of local email clients

    Description: Email clients store some user data on disk where infostealers will often target it.

    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of web browsers

    Description: Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs: Data from Local System; Credentials in Files

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Tactics: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1: Score N/A
behavioral1: Score 10/10
behavioral2: Score 8/10