General

  • Target

    f11cb17b9fabf7f07003b5ba779a28285369a13120dcfe25345d0e4eec7bbcca

  • Size

    1.2MB

  • Sample

    220521-m63ypadbf2

  • MD5

    06e70432dfd2bcf805c62302b533dbab

  • SHA1

    39c711c8df02932a93015a6a197b2b202ac92f56

  • SHA256

    f11cb17b9fabf7f07003b5ba779a28285369a13120dcfe25345d0e4eec7bbcca

  • SHA512

    78e876d290a64a49ae398f6a79c436abe8fbef6b082b38009b8009aa83d57d476030c196511aac653cc2a790ebeb894027fac0fa21e24127f8d8bd4541d5ea06

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.durainteriordesign.com
  • Port:
    587
  • Username:
    sultan@durainteriordesign.com
  • Password:
    successman12

Targets

    • Target

      PO20201.exe

    • Size

      1.6MB

    • MD5

      144ef7cef25ba3310000ddb81ec5192c

    • SHA1

      b1ab1c5509afb2fda7cf8de4df971ec24ae48e49

    • SHA256

      ef198e1bc193d5b0e033b27059f10e3ae7a5b696f2157bda94d765cc353d6952

    • SHA512

      343cbb325758832b4f7a683fe28aad451f790c450e1ec49e57ca3c71c57ae15b825b878ca2db923070fc8cfe7c97b8104da80eda2e5bcc732a83bd934f1d11fa

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, commonly described as written in Visual Basic. The extracted config above shows the exfiltration channel for this sample: SMTP to the listed host on port 587 with the recovered mailbox credentials.

    • AgentTesla Payload

    • Disables Task Manager via registry modification

    • Drops file in Drivers directory

    • Drops startup file

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

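The behaviour list above, together with the SMTP host and port from the extracted config, turned into detection rules and run over a constructed log. This is an added example and is not part of the sandbox report or its tooling. The registry paths are the well-known locations for these artefacts (the report does not print them), the "EventType details" log format and the log lines are constructed here, and the ATT&CK mappings other than T1112 and T1114 (which the report's matrix lists) are assumptions made in this example.

```python
# Added detection example, not part of the sandbox report. Rules encode the behaviours the
# report lists; the SMTP rule uses the host and port from the extracted config. Log lines
# are constructed here for illustration. Registry paths are the well-known locations for
# these artefacts; the report itself does not print them.
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    technique: Optional[str]   # ATT&CK technique ID, or None when no clean mapping exists
    pattern: re.Pattern


RULES = [
    # "Disables Task Manager via registry modification" -> T1112 (in the report's matrix)
    Rule("Task Manager disabled via policy value", "T1112",
         re.compile(r"^RegSetValue\s+HKCU\\Software\\Microsoft\\Windows\\CurrentVersion"
                    r"\\Policies\\System\\DisableTaskMgr\s*=\s*1\b", re.I)),
    # "Accesses Microsoft Outlook profiles" -> T1114 (in the report's matrix)
    Rule("Outlook profile registry access", "T1114",
         re.compile(r"^RegOpenKey\s+HKCU\\Software\\Microsoft\\Office\\\d+\.\d"
                    r"\\Outlook\\Profiles", re.I)),
    # "Drops startup file" -> T1060 Registry Run Keys / Startup Folder in ATT&CK v6
    # (mapping added here, not in the report's matrix)
    Rule("Executable written to Startup folder", "T1060",
         re.compile(r"^FileCreate\s+.*\\Start Menu\\Programs\\Startup\\[^\\]+\.exe$", re.I)),
    # "Drops file in Drivers directory": kept as a behavioural indicator, no technique assigned
    Rule("File written under System32\\drivers", None,
         re.compile(r"^FileCreate\s+[A-Z]:\\Windows\\System32\\drivers\\", re.I)),
    # "Suspicious use of SetThreadContext" -> T1055 Process Injection (mapping added here)
    Rule("SetThreadContext call", "T1055",
         re.compile(r"^APICall\s+SetThreadContext\b", re.I)),
    # Extracted config: SMTP to mail.durainteriordesign.com:587 -> T1048 Exfiltration Over
    # Alternative Protocol (mapping added here)
    Rule("SMTP connection to extracted exfiltration host", "T1048",
         re.compile(r"^NetConnect\s+\S+\s+->\s+mail\.durainteriordesign\.com:587\b", re.I)),
]

# Constructed sample log, one "EventType details" line each; not captured from the sample.
SAMPLE_LOG = [
    r"RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = 1",
    r"FileCreate C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PO20201.exe",
    r"FileCreate C:\Windows\System32\drivers\etc\hosts",
    r"RegOpenKey HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook",
    r"APICall SetThreadContext pid=4120 target_pid=4416",
    r"NetConnect 10.0.0.5:49812 -> mail.durainteriordesign.com:587",
    r"FileCreate C:\Users\victim\Documents\notes.txt",   # benign line, must not match
]


def scan(lines):
    """Return (line_number, rule_name, technique) for every rule each line matches."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        for rule in RULES:
            if rule.pattern.search(line):
                hits.append((lineno, rule.name, rule.technique))
    return hits


def attack_summary(hits):
    """Count hits per technique ID, the same shape as the report's ATT&CK matrix."""
    return Counter(technique for _, _, technique in hits if technique is not None)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for lineno, name, technique in found:
        print(f"line {lineno}: {name} [{technique or 'unmapped'}]")
    print(dict(attack_summary(found)))
```

Each rule is anchored on the event type and the full path rather than on the file name, so the same logic still fires if the dropped executable is renamed; the unmapped drivers-directory rule shows that not every sandbox signature has a one-to-one ATT&CK technique, which is why the report's matrix lists fewer techniques than behaviours.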
MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry, T1112 (1)

Collection

  • Email Collection, T1114 (1)

Tasks