Doc-CS3.rar

General

Target: Doc-CS3.rar
Size: 516KB
Sample: 211014-fnbm6agahj
Score: 10/10
MD5: 056bf6e26a5642bfba7d4467d929eb92
SHA1: 963b34cef3e144d10643a935114e6e1645fd971b
SHA256: 16d82530ebe9491a76946b33ca441bf9f61bb5cc4404611746775a3157e7bd43
SHA512: 01ad2421cd17d1537a26e59b2bddc309da30d3abec6d2ac3af7302532b33c4b983bce0e1d710641da3badeaec629284b6a25651ffffe6c964ffec3c0e0dcd569

Malware Config

Extracted

Family: agenttesla

Credentials

Protocol: smtp
Host: mail.alraedsecurity.com
Port: 587
Username: tauseef@alraedsecurity.com
Password: Alraed99pass@

Targets

Target: Doc-CS3.exe
MD5: c9fa29e6e303450e5c9890518d27ebfa
Filesize: 548KB
Score: 10/10
SHA1: 314d358046143e4d4dd88e3d7dc0db9e9b999947
SHA256: be91eb148b36528adb2b49362c50a099cf0cfbf5f1d5bd18ce88751b3c779ae6
SHA512: a634a6657ae92b28cbb6896c92cdaa5be866f12d5106523bb8363e290dbebfea0381cf08d1f7ec93a1d127ba551b2e80170383fee5f2a57bd3030e3da1aaedca

Signatures

  • AgentTesla

    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Description: Tries to access configuration files associated with programs like FileZilla.

    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of local email clients

    Description: Email clients store some user data on disk, where infostealers often target it.

    TTPs: Data from Local System; Credentials in Files

  • Reads user/profile data of web browsers

    Description: Infostealers often target stored browser data, which can include saved credentials.

    TTPs: Data from Local System; Credentials in Files

  • Accesses Microsoft Outlook profiles

    TTPs: Email Collection

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation