General

  • Target

    documentos Fedex.js

  • Size

    1KB

  • Sample

    220103-rt6ahahhal

  • MD5

    42a82a614937b74596344fa2a1a7c737

  • SHA1

    c13081e8eba34ca1619f7e8a11e2e8677878d292

  • SHA256

    46dd53f3096877a4cad89b77f2d23018d8bc5887a9c0d699cb43ffe9d0b5e29d

  • SHA512

    a9841b2fb08bc50a6476d366d5f8a44e1dec00d541f81e2a5829a09221313efe535470d06b0c5aa5c4d3beb3c4c18a72f96cfab329e88e66b39ce416ad7bc601

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    • AgentTesla Payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Credential Access

    • Credentials in Files (T1081): 2

Discovery

    • System Information Discovery (T1082): 1

Collection

    • Data from Local System (T1005): 2

    • Email Collection (T1114): 1
