Operational Instructions BSC BBC.pdf.exe

General
Target: Operational Instructions BSC BBC.pdf.exe
Size: 1MB
Sample: 210915-hzdm1adbbk
Score: 10/10
MD5: 636ca0dbbfd6a5c2915781a46d5db5e0
SHA1: 16a0e21f57cc447b8024999bbd67553c2ffb5e6e
SHA256: 79ff327848f9254764561866a5b26ed55aa24453aea69b1f42dbcad5ac140b00
SHA512: fac6d0431ed20e56b7ae7d98342fe58bcc215bbccb5cd39c76585b95827c0216ce84e85c55e0055c16c8b901d6a6ceaf75780ea253daf3fd74f07d9840bbc086

Malware Config

Extracted
Family: agenttesla

Credentials
Protocol: smtp
Host: smtp.boydsteamships.com
Port: 587
Username: csanchez@boydsteamships.com
Password: co*tNjEBt4

Targets
Tags

Signatures

  • AgentTesla
    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
    Tags

  • AgentTesla Payload

  • Nirsoft

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks
static1
behavioral1
9/10