80cec57aab0dcd1c41196a6c230bbdf0019c08e6ebf2531c0d7b4f95ed1031ea

General

Target: 80cec57aab0dcd1c41196a6c230bbdf0019c08e6ebf2531c0d7b4f95ed1031ea
Size: 378KB
Sample: 220521-pv8qxagaf6
Score: 10/10
MD5: c6d08fc27e652eed1362bd4bde557e8c
SHA1: f72e3bdbbd070a2042934dfc1d623096034028a2
SHA256: 80cec57aab0dcd1c41196a6c230bbdf0019c08e6ebf2531c0d7b4f95ed1031ea
SHA512: 99856de5bf50ac74ccb8016e0ba3f109af00b9c11ee51c810ddb251eae9a6a7ef89dce6b1f89847fe51ebe9126d315e5e86a0ed3d810eca50bd822961b670064

Malware Config

Extracted

Family: agenttesla

Credentials

Protocol: smtp
Host: smtp.mail.ru
Port: 587
Username: chibyke7@mail.ru
Password: nevergiveupsure
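The SMTP account above is the attacker's collection mailbox, not a victim credential; its only safe use is as an indicator. The Python below is an added example (not part of the sandbox report and not code from the AgentTesla sample) that turns the extracted config into a per-session check: it decodes AUTH LOGIN and AUTH PLAIN tokens when the session is in cleartext and matches the mailbox, and falls back to destination host:port when STARTTLS, the norm on 587, hides the authentication. The SMTP transcripts, the client name WIN-7PC and the verdict labels are constructed assumptions.

```python
"""Match captured SMTP sessions against the AgentTesla config extracted above.

Added example, not vendor or sample code. Session transcripts are constructed.
"""
import base64

# Values from the report's Malware Config section (indicators, nothing more).
EXFIL_HOST = "smtp.mail.ru"
EXFIL_PORT = 587
EXFIL_USER = "chibyke7@mail.ru"

# Constructed client ("C:") / server ("S:") transcripts; not real captures.
# Cleartext AUTH LOGIN: the base64 tokens are just the username and password.
PLAINTEXT_SESSION = """\
C: EHLO WIN-7PC
S: 250-smtp.mail.ru
S: 250 AUTH PLAIN LOGIN
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: Y2hpYnlrZTdAbWFpbC5ydQ==
S: 334 UGFzc3dvcmQ6
C: bmV2ZXJnaXZldXBzdXJl
S: 235 2.7.0 Authentication successful
"""

# What a sensor normally sees on 587: AUTH happens after STARTTLS, encrypted.
STARTTLS_SESSION = """\
C: EHLO WIN-7PC
S: 250-smtp.mail.ru
S: 250-STARTTLS
S: 250 AUTH PLAIN LOGIN
C: STARTTLS
S: 220 2.0.0 Ready to start TLS
"""

# AUTH PLAIN packs "\0user\0password" into a single base64 token.
PLAIN_SESSION = (
    "C: EHLO WIN-7PC\nS: 250 AUTH PLAIN LOGIN\n"
    "C: AUTH PLAIN "
    + base64.b64encode(b"\0chibyke7@mail.ru\0nevergiveupsure").decode()
    + "\nS: 235 2.7.0 Authentication successful\n"
)


def _b64(token):
    """Decode one SMTP AUTH token; None if it is not valid base64."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def extract_auth(transcript):
    """Return (user, password) from a cleartext AUTH LOGIN or AUTH PLAIN.

    Returns None when the client upgraded to TLS first (nothing after
    STARTTLS is readable) or never authenticated."""
    client = [line.split(": ", 1)[1]
              for line in transcript.splitlines()
              if line.startswith("C: ")]
    for i, cmd in enumerate(client):
        upper = cmd.upper()
        if upper == "STARTTLS":
            return None
        if upper == "AUTH LOGIN" and i + 2 < len(client):
            user, password = _b64(client[i + 1]), _b64(client[i + 2])
            if user is not None:
                return user, password
        if upper.startswith("AUTH PLAIN "):
            blob = _b64(cmd.split(" ", 2)[2])
            if blob and blob.count("\0") == 2:
                _authzid, user, password = blob.split("\0")
                return user, password
    return None


def classify(transcript, dst_host, dst_port):
    """Verdict for one session: 'exfil', 'suspect' or 'clean', with a reason."""
    to_exfil_server = dst_host.lower() == EXFIL_HOST and dst_port == EXFIL_PORT
    auth = extract_auth(transcript)
    if auth is not None:
        user = auth[0]
        if user.lower() == EXFIL_USER:
            return {"verdict": "exfil", "user": user,
                    "why": "cleartext AUTH as the mailbox from the extracted config"}
        if to_exfil_server:
            return {"verdict": "suspect", "user": user,
                    "why": "other mailbox on the same exfil server; builds rotate accounts"}
        return {"verdict": "clean", "user": user, "why": "unrelated account"}
    if to_exfil_server:
        return {"verdict": "suspect", "user": None,
                "why": "STARTTLS hid AUTH; host:port match only, confirm via the sending process"}
    return {"verdict": "clean", "user": None, "why": "no indicator matched"}


if __name__ == "__main__":
    for name, session in [("plaintext", PLAINTEXT_SESSION),
                          ("starttls", STARTTLS_SESSION),
                          ("plain", PLAIN_SESSION)]:
        print(name, classify(session, "smtp.mail.ru", 587))
```

Run it over per-flow transcripts from your sensor. A suspect verdict on 587 is not a confirmation: any legitimate mail.ru user produces the same flow, so correlate with the process that opened the socket (Sysmon event ID 3 or EDR network telemetry) before acting on it.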

Targets

Target: Specification Details.exe
MD5: f561e022d4f785bf725ad0de24f8dc88
Filesize: 413KB
Score: 10/10
SHA1: 6eda2996d502410977790be4a6976ea7747bdf2e
SHA256: bd7ff9e1c774994bdb69476411ede44d9b837f4f1994bdfdf620e766d500b1a8
SHA512: e7b6328f9b74e07489bd1b5d9edd0163d8196ae6abd0968de6924cf548825755bccb734dca47535058c2775cf992982929a085d379b7558e3fb61d0b6e95f501

Signatures

  • AgentTesla

    Description

    Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It exfiltrates harvested data over SMTP, FTP or HTTP, which is why an SMTP account could be extracted from this sample.

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Description

    Tries to access configuration files associated with programs like FileZilla (for example sitemanager.xml and recentservers.xml, where saved site passwords are stored base64-encoded, not encrypted).

    TTPs

    Data from Local System (T1005)
    Credentials in Files (T1552.001)

  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk (account settings and cached credentials), where infostealers often target it.

    TTPs

    Data from Local System (T1005)
    Credentials in Files (T1552.001)

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    TTPs

    Data from Local System (T1005)
    Credentials in Files (T1552.001)

  • Accesses Microsoft Outlook profiles

    Description

    Reads the Outlook profile data kept in the user's registry hive, where account names, server settings and DPAPI-protected passwords for configured mailboxes live.

    TTPs

    Email Collection (T1114)

  • Suspicious use of SetThreadContext

    Description

    Setting the thread context of another process, typically after creating it suspended and writing a payload into it, is the process hollowing (RunPE) pattern AgentTesla loaders use to run the decrypted stealer inside a legitimate process image.
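The three "Reads user/profile data" signatures describe the same on-disk harvest; FileZilla is the clearest case because its site manager keeps passwords base64-encoded in XML. The Python below is an added example (not from the sandbox vendor or the sample) that audits a FileZilla profile for exactly the records such a stealer would read, so you can tell a user which saved sites to convert to "Ask for password" or key-based logon. The sitemanager.xml content, hostnames and user names are constructed; the locations %APPDATA%\FileZilla\sitemanager.xml and recentservers.xml are FileZilla's real file paths.

```python
"""Audit a FileZilla profile for saved passwords (what the FTP-client stealer reads).

Added example; not sandbox-vendor or sample code. The sample XML is constructed.
"""
import base64
import os
import xml.etree.ElementTree as ET

# Constructed sitemanager.xml in the FileZilla 3.x layout: one site with a
# saved (base64, not encrypted) password, one set to ask for the password.
SAMPLE_SITEMANAGER = """\
<FileZilla3 version="3.55.1" platform="windows">
  <Servers>
    <Server>
      <Host>ftp.example.test</Host>
      <Port>21</Port>
      <Protocol>0</Protocol>
      <Logontype>1</Logontype>
      <User>deploy</User>
      <Pass encoding="base64">aHVudGVyMg==</Pass>
      <Name>Production FTP</Name>
    </Server>
    <Server>
      <Host>sftp.example.test</Host>
      <Port>22</Port>
      <Protocol>1</Protocol>
      <Logontype>2</Logontype>
      <User>deploy</User>
      <Name>Production SFTP (ask for password)</Name>
    </Server>
  </Servers>
</FileZilla3>
"""


def saved_credentials(xml_text):
    """One record per <Server> element that has a password stored on disk.

    Whatever this returns is the cleartext credential a stealer gets for free:
    base64 is an encoding, not protection."""
    records = []
    for server in ET.fromstring(xml_text).iter("Server"):
        pw = server.find("Pass")
        token = (pw.text or "").strip() if pw is not None else ""
        if not token:
            continue  # "ask for password" or anonymous logon: nothing to steal
        secret = token
        if pw.get("encoding") == "base64":
            secret = base64.b64decode(token).decode("utf-8", "replace")
        records.append({
            "name": (server.findtext("Name") or "").strip(),
            "host": (server.findtext("Host") or "").strip(),
            "port": int(server.findtext("Port") or 0),
            "user": (server.findtext("User") or "").strip(),
            "password": secret,
        })
    return records


def audit_profile(appdata=None):
    """Check both files FileZilla writes under APPDATA/FileZilla.

    Returns {path: records}; missing or clean files are skipped, so an absent
    profile yields {}."""
    base = appdata if appdata is not None else os.environ.get("APPDATA", "")
    report = {}
    for name in ("sitemanager.xml", "recentservers.xml"):
        path = os.path.join(base, "FileZilla", name)
        if os.path.isfile(path):
            with open(path, encoding="utf-8") as fh:
                records = saved_credentials(fh.read())
            if records:
                report[path] = records
    return report


if __name__ == "__main__":
    for rec in saved_credentials(SAMPLE_SITEMANAGER):
        # Never echo the secret itself in an audit report; the length is enough.
        print(f"{rec['name']}: {rec['user']}@{rec['host']}:{rec['port']} stores a "
              f"{len(rec['password'])}-char password; switch to 'Ask for password' "
              "or a key file")
    for path, recs in audit_profile().items():
        print(path, len(recs), "saved password(s)")
```

The same approach applies to the other two signatures: Outlook account data under the user's registry hive and browser "Login Data" SQLite stores are read the same way by the stealer, but those are protected with DPAPI and need the user's context to decrypt, which is why the malware runs the harvest inside the logged-on user's session.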

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation