5ebde73bdf8d6dd3be4faa6125da6780ddcc12c3ba2fffba1943b188576d1d4e

General

Target: 5ebde73bdf8d6dd3be4faa6125da6780ddcc12c3ba2fffba1943b188576d1d4e
Size: 1MB
Sample: 220520-qzlydaech9
Score: 10/10
MD5: 79b0a398726e3ce4eead1a08fa859bf4
SHA1: 9dd4497ad6a662d59fd34274bf665bec841ef784
SHA256: 5ebde73bdf8d6dd3be4faa6125da6780ddcc12c3ba2fffba1943b188576d1d4e
SHA512: de78cf21aa1b67dd8a352ddc4a4b9cbb437d2e5500eb0caf882bc10489c81f3ed77bb4f6703acca80869bc0fdb2be02c61f6d842c810c0255b3d20d8951ab87a

Malware Config

Extracted

Family: agenttesla

Credentials

Protocol: smtp
Host: mail.karmachalets.co.in
Port: 587
Username: akshya@karmachalets.co.in
Password: Akshya@123

Targets

Target: ARRV_00011004_CGS4250506pdf.exe
MD5: ab058ec451bac8a417468aa9bd7b5fc0
Filesize: 1MB
Score: 10/10
SHA1: 623dc4c4af0f882939cca44117395e965c58c6ca
SHA256: 3d03d3d5e9188be6389f0a9cf58e0436a9c9ea800a355a2249867fd3400350b6
SHA512: 15fe082844d0b9ec4008318e258ad8ce6cb0302bc6458a7f2ff4d6cb45bbca07c1429ec688cc6e8b126b6049645bb071cc6b43bc51634dd4c25c9c5fa23dba78

Signatures

  • AgentTesla

    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Adds Run key to start application

    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Detected potential entity reuse from brand Microsoft.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns shown in the matrix:

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation