Purchase_Inquiry_pdf.exe

General

Target: Purchase_Inquiry_pdf.exe
Size: 552KB
Sample: 210915-hzdm1aaag2
Score: 10/10
MD5: 5fc50cecdc7da2761f4ccce4b2c1362f
SHA1: 536420b712568d288112f7f38c4e79792be0c107
SHA256: 107c8bfec5d8a4e23c429692da4204025bb77fe71ff6b56a6804f5f19dc820c1
SHA512: d0e3660d667eeeb800d305516be5fab496e9ea8aaccb271867c4de41a74298b2031424dbc5aca211aa4f30f9e739923dfa9cd124ea8392f174588d6358aefce0

Malware Config

Extracted

Family: agenttesla
C2: http://bot.statusupdate.one/webpanel-charles/mawa/e22cc3544e8953ec6191.php

Signatures

  • AgentTesla
    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Drops file in Drivers directory

  • Reads data files stored by FTP clients
    Description: Tries to access configuration files associated with programs like FileZilla.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of local email clients
    Description: Email clients store some user data on disk, where infostealers often target it.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials.
    TTPs: Data from Local System; Credentials in Files

  • Suspicious use of SetThreadContext
