6647473163108352.zip

General
Target

6647473163108352.zip

Size

732KB

Sample

211231-mfe4yafcfj

Score
10/10
MD5

edc795bfc47de956665640fbac377a31

SHA1

489c96bc473ae2fa47a71a0231319a0cda538339

SHA256

c1b1647d0139cec7502ac097db85343e037559ed0afacab08f50a29e0adadfe1

SHA512

f5e02aab1643c7f1d06a2ac05ad8d9afe7e6706827cff6f0e953fd79a970a78ac966a4b142ea4a1904a1450024f4350063ee2239c5a954173689bebc27ad2e3b

Malware Config

Extracted

Family agenttesla
C2

https://api.telegram.org/bot2049439171:AAHTF-OzMCy9i3S0b0hmaVc_mUsY0h6Ue_w/sendDocument

Targets
Target

3a4fc42fdb5a73034c00e4d709dad5641ca8ec64c0684fa5ce5138551dd3f47a

MD5

02991d493aedc4e3b544cf5b9ee57499

Filesize

300MB

Score
10/10
SHA1

1de6c330b46ac1de2ec149cdc5c3c4f3da979863

SHA256

3a4fc42fdb5a73034c00e4d709dad5641ca8ec64c0684fa5ce5138551dd3f47a

SHA512

78ba8d96f2c2a91e951980abff59b256ab5e4297bbc12ca9f6a9fcc54036391b177907d74061459a44d2527c92bb47f8ef13a69ef8500fd303dfc41a1c89300d

Signatures

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Description

    Tries to access configuration files associated with programs like FileZilla.

    TTPs

    Data from Local System
    Credentials in Files
  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk, where infostealers will often target it.

    TTPs

    Data from Local System
    Credentials in Files
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    TTPs

    Data from Local System
    Credentials in Files
  • Accesses Microsoft Outlook profiles

    TTPs

    Email Collection
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (tactic columns)

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation