General

  • Target

    51347d09f43b9793fa2b1323321c1aba45041b1fb353543d38a032e1a153fe01

  • Size

    1014KB

  • Sample

    220415-pv7tlshegm

  • MD5

    86e7fd7047611fd807682deb81b54435

  • SHA1

    4f1088d77e29bc587d5c68e0bfefd9a4a95284e5

  • SHA256

    51347d09f43b9793fa2b1323321c1aba45041b1fb353543d38a032e1a153fe01

  • SHA512

    8dd14a54f724a24a51df8cd0bd248a5dce28dba36776f8a1d6a17e9014e3f0328bfb6a4ae629053ec7e3cb1da323c374ed5b6f43004dddb2258449488a95595c

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: us2.smtp.mailhostbox.com
  • Port: 587
  • Username: [email protected]
  • Password: stanstan22

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Meta Stealer

      Meta Stealer steals passwords stored in browsers; it is written in C++.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks