General

  • Target

    c6ea4ff1f1d48cef4271b4455625b446fc98772e4633d85e80964f714fa53115

  • Size

    365KB

  • Sample

    220521-nqzf1aead2

  • MD5

    7e4616a82cb7b4ce410de59c30f7cae6

  • SHA1

    04479d6395df1547a475296f55e6f351752a4073

  • SHA256

    c6ea4ff1f1d48cef4271b4455625b446fc98772e4633d85e80964f714fa53115

  • SHA512

    7571569775d531c104d946d095e4bfde20ad523959105696a9017a5faa77b55de7471a11e9304b7496d12cd70d06a97d2543073a960326fde1c31a8f170da549

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    logsdetails0@yandex.com
  • Password:
    Hunter$#@145722

Targets

    • Target

      Swift Receipt.exe

    • Size

      444KB

    • MD5

      cf7b55938109119ae7a75b29cf792137

    • SHA1

      1c2bbd9c0f343ccd748dd7252b9737e6b61308cb

    • SHA256

      2088534f73106229d20329297ac7079561b2c6d2ab60631af0b29e416389839a

    • SHA512

      8bf77e3b8facf35b1318f100904e2f26b0b9e75096eb0e66d614370638c2af6faf3322e75335441fdc0f35cb69eca3b4afa85f3098c2f2c893ec853322a8077e

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Accesses Microsoft Outlook profiles

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 1
  • Peripheral Device Discovery (T1120): 1
  • System Information Discovery (T1082): 1

Collection

  • Email Collection (T1114): 1

Tasks