General

  • Target

    70654 SSEBACT.r15

  • Size

    465KB

  • Sample

    210915-gyrykadadl

  • MD5

    bf143549606c95d3f42565a7966c4e4f

  • SHA1

    b5a3c3c4f8e454a3cd8bf3a1dea4a6023b5852de

  • SHA256

    ebc999fd981f9cea0d7d285e952ba232d95869b9ddfc33030b98deb0f782a07f

  • SHA512

    b50da76438adcdd01e6f2d21f246902b9ef8fa2d8f9a7f8464fadffe98851d2cfdc72bec9d00e0cf786c3d038e7d3ae0de81416049fad09393d2fd3aceec6677

Malware Config

Extracted

  • Family

    agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    uscentral50.myserverhosts.com
  • Port:
    587
  • Username:
    sales@radheatwaters.com
  • Password:
    waters@789

Targets

    • Target

      70654 SSEBACT.exe

    • Size

      641KB

    • MD5

      4e09874338d28600e8b84184f143bfe8

    • SHA1

      488979983bfa154fbb27563454e67903c37e16c3

    • SHA256

      ca87f3892de6e488e61c352cafc36fc06d0d8b6eb9fc4d5429ff92038c4b134f

    • SHA512

      d58e1582e77fff96197fd7a5d463249ab619a9455a6d1425fdc913f42ac3b60a7fd46ed0f11cac00aee8a97055d86842f7fed1f85cb5a11c59d66a702d7212b2

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence

    Registry Run Keys / Startup Folder (1) T1060

  • Defense Evasion

    Modify Registry (1) T1112

Tasks