POINQUIRYRFQ676889.exe

General

Target: POINQUIRYRFQ676889.exe
Size: 561KB
Sample: 210915-hvcvxaaae9
Score: 10/10
MD5: 53b0c3e53c10c0218e7cb62bec4f15c6
SHA1: b84d64fda9b2dc8eec7e7d2da47a38a8d43b4ed1
SHA256: d18a2a92ede457f61ce8bbf06fe5efa80cd086926cf32641326089e9da49de1b
SHA512: c07b80d92e60e31f2fc86184d647d4cec5c5ef6129eae59380a0fba5614ef8fc595212364da1f2a19ab86c035cce63d0e5104f8094ffacee8d3cd65cb76f6d2c

Malware Config

Extracted

Family: agenttesla

Credentials
Protocol: smtp
Host: smtp.bonfigliolli.com
Port: 587
Username: echezona@bonfigliolli.com
Password: ^vccXHY6

Signatures

  • AgentTesla
    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Reads data files stored by FTP clients
    Description: Tries to access configuration files associated with programs like FileZilla.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of local email clients
    Description: Email clients store some user data on disk, where infostealers will often target it.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials and similar secrets.
    TTPs: Data from Local System; Credentials in Files

  • Suspicious use of SetThreadContext
