KAF-PR-21-F-3089_pdf.exe

General
Target

KAF-PR-21-F-3089_pdf.exe

Size

544KB

Sample

210915-hqehyaaac9

Score
10 /10
MD5

b5fdcd6723e679c54a5f8652c59bc52a

SHA1

fc83546ee73bea22ea563b9644700abef62d0ef2

SHA256

245e18b14a6b231f2a89b812dace828478aa24419d600e2ac8c7acd989320e1a

SHA512

788e6a270a1c05dad9bb322224ea62d6615828ab744e24879c363858ec68b8dddc83ecb0b4f99f39e594625b4effb26499d4fd07d11188ec6fb558fba93fb4a3

Malware Config

Extracted

Family agenttesla
Credentials

Protocol: smtp

Host: mail.fclbd.com

Port: 587

Username: ctg@fclbd.com

Password: abc@123@

Targets
Target

KAF-PR-21-F-3089_pdf.exe

MD5

b5fdcd6723e679c54a5f8652c59bc52a

Filesize

544KB

Score
10 /10
SHA1

fc83546ee73bea22ea563b9644700abef62d0ef2

SHA256

245e18b14a6b231f2a89b812dace828478aa24419d600e2ac8c7acd989320e1a

SHA512

788e6a270a1c05dad9bb322224ea62d6615828ab744e24879c363858ec68b8dddc83ecb0b4f99f39e594625b4effb26499d4fd07d11188ec6fb558fba93fb4a3

Tags

Signatures

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    Tags

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Description

    Tries to access configuration files associated with programs like FileZilla.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk where infostealers will often target it.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Privilege Escalation