Revised Proforma Invoice_New order.exe

General

Target: Revised Proforma Invoice_New order.exe
Size: 622KB
Sample: 210928-gwhbcaagfq
Score: 10/10
MD5: 3a391e960ff363979a5ac9dc3a95c636
SHA1: 8930a2e630f133dfb78e87e06b4f9ecd882a84e1
SHA256: 8842d55ed240f4ed04d12d227dfd1c65bc20b72bf79fc5e40daf61d9f3f86d47
SHA512: 9ad6f160cef7ba108a88ee963aa224c1766bfb183e7934a88b5a7019788b6874009a4a921f8b853329be940d08de74e3ddb0170e69b60152fbd950a5889a5926

Malware Config

Extracted

Family: agenttesla

Credentials (exfiltration channel)

Protocol: smtp
Host: s1.20mb.nl
Port: 587
Username: whitesend@billionv.com
Password: fgd436-=/eVNM!!@#)mmnb

Targets

Target: Revised Proforma Invoice_New order.exe
Filesize: 622KB
Score: 10/10
MD5: 3a391e960ff363979a5ac9dc3a95c636
SHA1: 8930a2e630f133dfb78e87e06b4f9ecd882a84e1
SHA256: 8842d55ed240f4ed04d12d227dfd1c65bc20b72bf79fc5e40daf61d9f3f86d47
SHA512: 9ad6f160cef7ba108a88ee963aa224c1766bfb183e7934a88b5a7019788b6874009a4a921f8b853329be940d08de74e3ddb0170e69b60152fbd950a5889a5926
Signatures

  • AgentTesla

    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Description: Tries to access configuration files associated with programs like FileZilla.

    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of local email clients

    Description: Email clients store some user data on disk, where infostealers will often target it.

    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of web browsers

    Description: Infostealers often target stored browser data, which can include saved credentials.

    TTPs: Data from Local System; Credentials in Files

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation