General

  • Target

    c8a957eace4c7c36c4ef77fd3f1433b1aa3c3ff702a38a07b065dc64c731666d

  • Size

    573KB

  • Sample

    220415-plfc1ahagk

  • MD5

    e980e4958aca75c6162b09abd9a039f0

  • SHA1

    87b91398055bedee386d06600c56b9e0441cad5a

  • SHA256

    c8a957eace4c7c36c4ef77fd3f1433b1aa3c3ff702a38a07b065dc64c731666d

  • SHA512

    fff51b426f8ad3ccc853e197d5318dbe02a0b01373e02c8892af0b4dbd6fbf3bca96a232e8e8d5aebe892617859f983784da050e4f73122c18b19ccdf7120ac5

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.cl-logistics.vn
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    zG@.]Zj4cRxA

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Meta Stealer

      Meta Stealer steals passwords stored in browsers, written in C++.

    • AgentTesla Payload

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks