7fcc7dbe57a4045b1566788a242f89dfe4d971d63e7154b6e697b848594eff26

General
Target

7fcc7dbe57a4045b1566788a242f89dfe4d971d63e7154b6e697b848594eff26

Size

554KB

Sample

220521-pwakhagaf8

Score
10/10
MD5

e988fe354986a1b9f4af998f6dd0ab56

SHA1

11f7c99f34bd92158450da0b282b15cb7ac2ccb6

SHA256

7fcc7dbe57a4045b1566788a242f89dfe4d971d63e7154b6e697b848594eff26

SHA512

b731b3d080edb28ebc0347f252d7d852671e8c208f6b65f089a85027d82e12531d63d559417093536ff9bffe0d1d65c5feebf782c53644dca7454d2f2e51ac3b

Malware Config

Extracted

Family agenttesla
Credentials

Protocol: smtp

Host: mail.privateemail.com

Port: 587

Username: admin@mafo.cc

Password: success21

Targets
Target

PO-Jiehong20959481.exe

MD5

ff286368558ae7854524c438ad15702b

Filesize

665KB

Score
10/10
SHA1

d15e322714b7c85266ea053c535ff73f4349476a

SHA256

b642527e686b781a602fb322e7d34d0f18748778de42a0e3774d9990a71e2c92

SHA512

cc97e0232e3537929c8ba50eabb2f61ecc0cb29faac8ed970fd632a8784d4c789b3964f5a141d98667bf8379846b281bda0f0c29d872a50a3612d513de572f96

Signatures

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Accesses Microsoft Outlook profiles

    TTPs

    Email Collection

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation