General

  • Target

    68b7b1331ac3e940dde690483900f34877e23da9fb8dcc891207a0d996aa58b3

  • Size

    1.0MB

  • Sample

    220521-n62w3ahhdr

  • MD5

    04a4a9a13029581f61fdffee31f5fd08

  • SHA1

    a34f23791dfdc13195b19d9157eb2708bc5f2970

  • SHA256

    68b7b1331ac3e940dde690483900f34877e23da9fb8dcc891207a0d996aa58b3

  • SHA512

    ccfa5c8de56ee3409365611d9e1007e87d0e1e814c8db1e7f3e7dc141a194d9fb19a62df2d374f8585494be345b98d31c42393a4f05a9c15b9978279195272ea

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    handofgod123

Targets

    • Target

      68b7b1331ac3e940dde690483900f34877e23da9fb8dcc891207a0d996aa58b3

    • Size

      1.0MB

    • MD5

      04a4a9a13029581f61fdffee31f5fd08

    • SHA1

      a34f23791dfdc13195b19d9157eb2708bc5f2970

    • SHA256

      68b7b1331ac3e940dde690483900f34877e23da9fb8dcc891207a0d996aa58b3

    • SHA512

      ccfa5c8de56ee3409365611d9e1007e87d0e1e814c8db1e7f3e7dc141a194d9fb19a62df2d374f8585494be345b98d31c42393a4f05a9c15b9978279195272ea

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • AgentTesla Payload

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Collection

Data from Local System

2
T1005

Email Collection

1
T1114

Tasks