Purchase Order_104387.ace

General

Target: Purchase Order_104387.ace
Size: 295KB
Sample: 211014-f5eq5sgcd3
Score: 10/10
MD5: 8511833870ec85c3e1c891d4506c4749
SHA1: 1bb2ac339ea17fd3883f710105e2a5d353815d47
SHA256: 46d767d8823f727ca63f945df7b4f195946718166d4269bc1994f558daa56ce9
SHA512: 7d89bf3db874bd362bb6cbbe16894503e2f22e33c04bfca8daef9b079309635bd5b2faf8dcf5dad4b130f673fba04cfff9f11ad21e402f9dd8334fd022df952a

Malware Config

Extracted

Family: agenttesla
C2: https://api.telegram.org/bot2017480070:AAEhICR2Yy5NwasA-Cw1qaDJiUj6zxLU08M/sendDocument

Targets

Target: Purchase Order_104387.exe
MD5: 74bd055b47476e3e151a937dcd4bd3dc
Filesize: 10MB
Score: 10/10
SHA1: 5704a5e3a967a004b30408ed86774cefe6e6de31
SHA256: efaaf6c3c366861beab445a96d8d463d7e461506f86f153acd3e0ed0e635b2b7
SHA512: 981ce06d17ac108de7d7a997c2ca6697e9923968c3c20db81a2224093a5573bf0de48bd0d65db31f1481a22b73ca49ec2b6116acb19e7906f7780b60a5a6de44

Signatures

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Description

    Tries to access configuration files associated with programs like FileZilla.

    TTPs

    Data from Local System
    Credentials in Files
  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk where infostealers will often target it.

    TTPs

    Data from Local System
    Credentials in Files
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System
    Credentials in Files
  • Accesses Microsoft Outlook profiles

    TTPs

    Email Collection
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactics: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation