General

  • Target

    88801297a310f88fd29cf5b1e9066eee829a6bf43fe65108f4bc64932b1e845b

  • Size

    1.1MB

  • Sample

    220415-be7xsafebk

  • MD5

    50c6bb03817dd9b96add801c1642aafd

  • SHA1

    42e5177efdcea6bf3e83d06b5d34d0115740c62d

  • SHA256

    88801297a310f88fd29cf5b1e9066eee829a6bf43fe65108f4bc64932b1e845b

  • SHA512

    42f3454df915b27a8711276c04bf07bfcef1b12a032cd3399b3526bb37c20473ebd0b9a054e79dd2c7b52c6bbc7ac0e92a222235f0d0a1aebc938ea792680f05

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.transgear.in
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    purchase@2020*

Targets

    • Target

      88801297a310f88fd29cf5b1e9066eee829a6bf43fe65108f4bc64932b1e845b

    • Size

      1.1MB

    • MD5

      50c6bb03817dd9b96add801c1642aafd

    • SHA1

      42e5177efdcea6bf3e83d06b5d34d0115740c62d

    • SHA256

      88801297a310f88fd29cf5b1e9066eee829a6bf43fe65108f4bc64932b1e845b

    • SHA512

      42f3454df915b27a8711276c04bf07bfcef1b12a032cd3399b3526bb37c20473ebd0b9a054e79dd2c7b52c6bbc7ac0e92a222235f0d0a1aebc938ea792680f05

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Meta Stealer Stealer

      Meta Stealer steals passwords stored in browsers, written in C++.

    • AgentTesla Payload

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks