Purchase Order 2892808.gz

General

Target: Purchase Order 2892808.gz
Size: 518KB
Sample: 211014-fm8lhagagp
Score: 10/10
MD5: f07c261ba4962987202f1fcf1caf6a2b
SHA1: 93ceea4ba93474c0efde5d38d840b241e3bc490c
SHA256: 230490d1bc0790dc0beff66b50ed03ccaff43259adc28aa29926a5a723ca8af2
SHA512: 5a4181bb2f6ace44c9b580f706ab7525ef0184d1841551318766a8e629d09cf25e38dbbe6bc8f4fb7927aaf712f4864b00190182fcece03b0d34807517e30370

Malware Config

Extracted

Family: agenttesla
Credentials:
Protocol: smtp
Host: webmail.emirtecnt.com
Port: 587
Username: reporting@emirtecnt.com
Password: Amazinggrace123

Targets

Target: Purchase Order 2892808.exe
MD5: 54c9b215e30e50b7f9f559b414737d10
Filesize: 562KB
Score: 10/10
SHA1: 56015460883c19c741a26b9d94b27952f67ec656
SHA256: 9b674819f4cfeff2ecac04486fa031d913d78e5649dee0e3acf0b4078f4fee74
SHA512: 1d15db38dff0619df154ec814a192076909f6de6133c8aef189b4189c3b1e5a8e3e51681dd4a691c1beb4758a0605ef3537d0d7b0fa006fa840423376457e797

Signatures

  • AgentTesla
    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Reads data files stored by FTP clients
    Description: Tries to access configuration files associated with programs like FileZilla.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of local email clients
    Description: Email clients store some user data on disk, where infostealers often target it.
    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials and similar secrets.
    TTPs: Data from Local System; Credentials in Files

  • Accesses Microsoft Outlook profiles
    TTPs: Email Collection

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix tactic columns: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation