9d83580b805924c53fcb6e150a8c711b9a8169718883eadbc81aa2b0e6fd3b99

General
Target

9d83580b805924c53fcb6e150a8c711b9a8169718883eadbc81aa2b0e6fd3b99

Size

412KB

Sample

220521-pvcy8sgad3

Score

10/10
MD5

22af3dbfea5d7cedf0694f415f6e79f9

SHA1

73e549f8df0c42b6fb133241b8e223e44c3ac556

SHA256

9d83580b805924c53fcb6e150a8c711b9a8169718883eadbc81aa2b0e6fd3b99

SHA512

33ab3adbb6106d6bfccdbb8cf44beb769eed23e0b7f3ab12fea4e3a127b470178061b34474b16bf00748221477e9d317d8c9363d827a0362ebc1f49c60cc52ab

Malware Config

Extracted

Family agenttesla
Credentials

Protocol: smtp

Host: mail.aquariuslogistics.com

Port: 587

Username: ajay@aquariuslogistics.com

Password: AQL@2019#$

Targets
Target

FIRST PURCHASE ORDER.exe

MD5

dbbac19cfd01ab4e759500a13168a30b

Filesize

714KB

Score

10/10
SHA1

71917c8765aaa6e2869cc1b949bfddf3580457c5

SHA256

fe41fe0b302887f61f20473015f386ab57ddb4cc278b3e1639c07337012a58f4

SHA512

caa08b928acff84a762f64c8c18c332db8f546d003085415560bdc265c3c90953d3e54da5e2031d188beca49e8c891966f8f8de66c8202928045acfd7d80d4ee

Signatures

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Drops file in Drivers directory

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query Registry
    System Information Discovery

  • Accesses Microsoft Outlook profiles

    TTPs

    Email Collection

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder
    Modify Registry

  • Suspicious use of SetThreadContext

Tasks

static1

behavioral2

7/10