General

  • Target

    SKU10088002 loading photos and container comm inv and packing list.exe

  • Size

    566KB

  • Sample

    211021-q1tdvabcbp

  • MD5

    0e8b01d10cce62d28f58897bad493b57

  • SHA1

    63cddbb8231c3f1d61fb528cb74902d047038018

  • SHA256

    b1fe3e4522b701047d35e034db5ed2e9b8b10619b15f3d1a0b44b8da1a499352

  • SHA512

    86506f1bb54d5f7362bfbe548737af89cf4c0afe939152619d6bd08460b086ebca47cb35b18a273e82bb27f6c7400665883635612d2245bc18509b131a9dc4ef

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: mail.electronmash.com
  • Port: 587
  • Username: office@electronmash.com
  • Password: Zanzibar2018

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic: technique, technique ID (number of matching signatures)

  • Execution: Scheduled Task, T1053 (1)
  • Persistence: Scheduled Task, T1053 (1)
  • Privilege Escalation: Scheduled Task, T1053 (1)
  • Credential Access: Credentials in Files, T1081 (3)
  • Discovery: System Information Discovery, T1082 (1)
  • Collection: Data from Local System, T1005 (3); Email Collection, T1114 (1)
