COSCO SHIPPING AGENCY.rar

General

Target: COSCO SHIPPING AGENCY.rar
Size: 520KB
Sample: 210915-hnm3asaac5
Score: 10/10
MD5: 8780698494c447a5b1837b7256adc8b8
SHA1: 862dab75929a91f8f22025b9ca195d58df5e0af6
SHA256: 3711fe2e62b7f27e9c09c78aeff22d72ef951626fd342b4c0571720cb0deb692
SHA512: 544c71b230a9d38e7eb66054c9bfe3bbc730f93aa714c686b8eaa1e5dab87950c07ddddbb36c99c72b20a916a625041fa33cc9ef70b1ac128c3ab3e5d2511022

Malware Config

Extracted

Family: agenttesla
Credentials
  Protocol: smtp
  Host: mail.rosaritoindustries.com
  Port: 587
  Username: inquiry@rosaritoindustries.com
  Password: aircondivision2019

Targets

Target: required.exe
MD5: 08a652c3adb52cc860c1b35dc2838f23
Filesize: 1MB
Score: 10/10
SHA1: 6d630ca20b831dfa6db2b33ea1f0a256a1d13e60
SHA256: 63e6198cee195250e7ef3aedecfacdfeb6fdbce9e4f3fd9c1260ef67075819a3
SHA512: 7df0d8df46a9b44652a239c969f2da6bc81f15b91cc6ecfef9b904caf27dc73fa37494113651931f5c866e1f8b42503279addb0d209997a13cd646421d198c5f

Signatures

  • AgentTesla

    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Drops file in Drivers directory

  • Adds Run key to start application

    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Suspicious use of SetThreadContext
