98d005d093d4c7d1374b62b4c17d226d1959453f8d165a513e0751250ae0da82

General

Target: 98d005d093d4c7d1374b62b4c17d226d1959453f8d165a513e0751250ae0da82
Size: 363KB
Sample: 220521-pvgmesgad5
Score: 10/10
MD5: 0e470e885114c22bef19bdd9749e1a46
SHA1: b33f967c5a58b8dc4525d6f40911f2ff1c5a4cd3
SHA256: 98d005d093d4c7d1374b62b4c17d226d1959453f8d165a513e0751250ae0da82
SHA512: 35392179e77d2719df5be2a6576fe3b003258b295d9194847f6e724be7dcb377fae9701f96a44566d8d13dfc98522d29975d1016e479529532904542eb090d6b

Malware Config

Extracted

Family: agenttesla
Credentials (the SMTP account the sample uses to mail out stolen data):
  Protocol: smtp
  Host: mail.dianaglobalmandiri.com
  Port: 587
  Username: info@dianaglobalmandiri.com
  Password: Batam2019
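The extracted SMTP configuration is directly usable as a set of network indicators. The following is an added example, not part of the sandbox report: it parses the config block above into a dict and checks constructed Zeek-style dns.log and smtp.log records for lookups of the exfiltration mail host and for SMTP sessions that either use the configured mailbox or go to a resolved address on the configured port. The log records, IPs and Zeek column subsets are assumptions made for the example.

```python
"""Turn the extracted AgentTesla SMTP config into IOCs and run them over
Zeek-style dns.log and smtp.log records (added example; logs are constructed)."""

# Config text copied from the "Malware Config" block of this report.
CONFIG_TEXT = """\
Family agenttesla
Credentials
Protocol: smtp
Host: mail.dianaglobalmandiri.com
Port: 587
Username: info@dianaglobalmandiri.com
Password: Batam2019
"""


def parse_config(text):
    """Parse the sandbox's 'Key: value' lines into a dict ('Family x' has no colon)."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.lower().startswith("family "):
            cfg["family"] = line.split(None, 1)[1].strip()
        elif ":" in line:
            key, value = line.split(":", 1)
            cfg[key.strip().lower()] = value.strip()
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


# Column subsets of Zeek dns.log and smtp.log (assumed layout); records are constructed.
DNS_FIELDS = ["ts", "uid", "id.orig_h", "query", "answers"]
SMTP_FIELDS = ["ts", "uid", "id.orig_h", "id.resp_h", "id.resp_p", "mailfrom", "rcptto"]

DNS_LOG = [
    "1653123001.10\tCa1\t10.0.0.5\tmail.dianaglobalmandiri.com\t203.0.113.10",
    "1653123002.20\tCa2\t10.0.0.5\twww.example.com\t192.0.2.80",
]
SMTP_LOG = [
    "1653123003.30\tCa3\t10.0.0.5\t203.0.113.10\t587\tinfo@dianaglobalmandiri.com\tinfo@dianaglobalmandiri.com",
    "1653123050.00\tCa4\t10.0.0.7\t198.51.100.9\t587\talice@example.org\tbob@example.org",
]


def parse_tsv(lines, fields):
    """Split Zeek TSV lines into dicts, skipping '#' header/comment lines."""
    return [dict(zip(fields, line.split("\t"))) for line in lines if line and not line.startswith("#")]


def find_hits(cfg, dns_lines, smtp_lines):
    """Return one hit per log record that touches the configured exfil host or mailbox."""
    host = cfg["host"].lower()
    user = cfg["username"].lower()
    port = str(cfg["port"])
    hits = []
    resolved = set()
    for rec in parse_tsv(dns_lines, DNS_FIELDS):
        if rec["query"].lower().rstrip(".") == host:
            resolved.update(a.strip() for a in rec["answers"].split(",") if a.strip())
            hits.append({"uid": rec["uid"], "src": rec["id.orig_h"],
                         "reason": f"DNS lookup of exfil mail host {host}"})
    for rec in parse_tsv(smtp_lines, SMTP_FIELDS):
        reasons = []
        addrs = {a.strip().lower() for a in f"{rec['mailfrom']},{rec['rcptto']}".split(",")}
        if user in addrs:
            reasons.append(f"envelope uses exfil mailbox {user}")
        if rec["id.resp_h"] in resolved and rec["id.resp_p"] == port:
            reasons.append(f"connection to resolved {host}:{port}")
        if reasons:
            hits.append({"uid": rec["uid"], "src": rec["id.orig_h"], "reason": "; ".join(reasons)})
    return hits


if __name__ == "__main__":
    for hit in find_hits(parse_config(CONFIG_TEXT), DNS_LOG, SMTP_LOG):
        print(hit)
```

One caveat for port 587: if the session upgrades with STARTTLS, Zeek only records the envelope up to the upgrade, so the mailbox match may never fire and the DNS lookup plus the connection to the resolved host on the configured port is the more dependable signal. The password should not be used as an indicator; it is there to support takedown or notification of the abused mail account.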

Targets

Target: INVOICE PDF.exe
MD5: 8a4712f8fd715e41a2845a6fa53c6809
Filesize: 453KB
Score: 10/10
SHA1: acdb30b10d3a54c3e431ecfd08b0d8a1653ec776
SHA256: ae9ea028d892118f67f92b5ff6a3a06185e0328a15f844d2209218677154876f
SHA512: 1f312e877c187082bdd4c5df981fc5df948c2090d4c67b43cb8b6a79541152b51a02b64967c5d0765850f8573821091f5a58cfa8d1d1c9c51db6a3350d9d11fd

Signatures

  • AgentTesla
    Description: Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (VB.NET/C#); it is typically delivered as an invoice or shipping lure and exfiltrates harvested credentials over SMTP, FTP or HTTP.
  • AgentTesla Payload
  • Drops file in Drivers directory
  • Accesses Microsoft Outlook profiles
    TTPs: Email Collection
  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry
  • Suspicious use of SetThreadContext (commonly paired with process hollowing to run the unpacked payload inside a legitimate process)
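Two of the flagged behaviours, the Run-key write and the drop into the Drivers directory, are straightforward to turn into host-side detection logic over endpoint telemetry. The following is an added example, not part of the sandbox report: it evaluates constructed Sysmon-style events (Event ID 13 RegistryValueSet, Event ID 11 FileCreate) and rates a Run-key set as high severity when the value points to a user-writable path or is written by an image outside Windows or Program Files, and a write under System32\drivers as high severity when the writing image is untrusted. The event records, SID and paths are made up; only the target name INVOICE PDF.exe comes from this page.

```python
"""Rate constructed Sysmon-style events for Run-key persistence and Drivers-directory
file drops (added example, not the sandbox's own logic)."""
import re

# Sysmon numbering: Event ID 13 = RegistryValueSet, Event ID 11 = FileCreate.
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.IGNORECASE)
DRIVERS_DIR = re.compile(r"\\Windows\\System32\\drivers\\", re.IGNORECASE)
TRUSTED_IMAGE = re.compile(r"^C:\\(Windows|Program Files( \(x86\))?)\\", re.IGNORECASE)

# Constructed events. The SID, user name and paths are made up for the example;
# "INVOICE PDF.exe" is the target name from the report.
EVENTS = [
    {"EventID": 13,
     "Image": r"C:\Users\u\AppData\Local\Temp\INVOICE PDF.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\u\AppData\Roaming\Updater\Updater.exe"},
    {"EventID": 13,
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
    {"EventID": 11,
     "Image": r"C:\Users\u\AppData\Local\Temp\INVOICE PDF.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\etc\hosts"},
    {"EventID": 11,
     "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\Temp\sess.tmp"},
]


def evaluate(event):
    """Return (rule_name, severity) for one event, or None when no rule matches."""
    eid = event.get("EventID")
    image = event.get("Image", "")
    if eid == 13 and RUN_KEY.search(event.get("TargetObject", "")):
        details = event.get("Details", "")
        # A Run value pointing into AppData/Temp, or set by an untrusted image, is the
        # shape of the "Adds Run key to start application" signature above.
        if USER_WRITABLE.search(details) or not TRUSTED_IMAGE.match(image):
            return ("run_key_from_untrusted_location", "high")
        return ("run_key_set", "low")
    if eid == 11 and DRIVERS_DIR.search(event.get("TargetFilename", "")):
        if not TRUSTED_IMAGE.match(image):
            return ("drivers_dir_write_by_untrusted_image", "high")
        return ("drivers_dir_write", "low")
    return None


def triage(events):
    """Collect rule matches for all events, high severity first (stable within a level)."""
    findings = []
    for idx, ev in enumerate(events):
        result = evaluate(ev)
        if result:
            findings.append({"index": idx, "rule": result[0],
                             "severity": result[1], "image": ev.get("Image")})
    return sorted(findings, key=lambda f: f["severity"] != "high")


if __name__ == "__main__":
    for f in triage(EVENTS):
        print(f"{f['severity']:4} {f['rule']:40} {f['image']}")
```

The low-severity matches are kept deliberately: a Run value written by an installer under Program Files is normal, but correlating it with the same process later touching Outlook profile keys or opening an outbound SMTP session is what turns the individual signatures on this page into a confident detection.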

Related Tasks

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation