RxAg5d0XQf9QdOX.exe

General

Target: RxAg5d0XQf9QdOX.exe
Size: 502KB
Sample: 210915-hxnp7aaaf8
Score: 10/10
MD5: c22accdb6ab455ea2856e6305b73f79e
SHA1: 7f42fb340e1dcceb111437c91df7035abf19467b
SHA256: 4d32cde8b04dae775b23225a0a79b1165b778caac83033b3ed1a6b1e564e85cb
SHA512: 1e1097ce6411f89cbabfcac82288e501aeecfe7cf69b961db7e7dd20abf6391980d169b850b1a7e724d93f9bf21e499b4fadab769af9051378398f909143c2dc

Malware Config

Extracted

Family: agenttesla

Credentials
Protocol: smtp
Host: mail.priserveinfra.com
Port: 587
Username: operations@priserveinfra.com
Password: oppipl121019

Targets

Target: RxAg5d0XQf9QdOX.exe
MD5: c22accdb6ab455ea2856e6305b73f79e
Filesize: 502KB
Score: 10/10
SHA1: 7f42fb340e1dcceb111437c91df7035abf19467b
SHA256: 4d32cde8b04dae775b23225a0a79b1165b778caac83033b3ed1a6b1e564e85cb
SHA512: 1e1097ce6411f89cbabfcac82288e501aeecfe7cf69b961db7e7dd20abf6391980d169b850b1a7e724d93f9bf21e499b4fadab769af9051378398f909143c2dc

Signatures

  • AgentTesla
    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Drops file in Drivers directory

  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation