6b358e7947ac67fa83c41b8ea0616367ef7fc381af1c75a63fddc135bb012ac9

General
Target

6b358e7947ac67fa83c41b8ea0616367ef7fc381af1c75a63fddc135bb012ac9

Size

369KB

Sample

220521-pwnr5abcgl

Score
10/10
MD5

142467d4e209bfff239ee1f58a59ec27

SHA1

8e1cb0d2443996cf6d0e686316a0b9028b42c64b

SHA256

6b358e7947ac67fa83c41b8ea0616367ef7fc381af1c75a63fddc135bb012ac9

SHA512

1469f0a35ebdc80ff0f92628af45e3c183250573e9dbf6e93e506740ef7595d0f87c23464f38afa8d0b336fb1ea12e68fcab86da51d0ee306a5a8242be59cb34

Malware Config
Targets
Target

PO 4800049984.exe

MD5

ad5ecefbac91d7cee3191da22872e2ec

Filesize

405KB

Score
10/10
SHA1

c4c6bc3ce6e2ee682982403e97eb5364ebd9b01d

SHA256

301c31d38f7cb13d8128b53666c66e251d7a398c1b0fdae66d52ab0d377852ef

SHA512

0375ba09e09e00c63aa8d20d3c25751139c2b5bfc98f8664258349b696a0edc001c5070a38968325887943b8b07a8c6b8f89a8ca1c10c41db7113c2ae568cd87

Tags

Signatures

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    Tags

  • AgentTesla Payload

  • Checks computer location settings

    Description

    Looks up the country code configured in the registry, likely for geofencing.

    TTPs

    Query Registry, System Information Discovery
  • Reads data files stored by FTP clients

    Description

    Tries to access configuration files associated with programs like FileZilla.

    Tags

    TTPs

    Data from Local System, Credentials in Files
  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk, where infostealers often target it.

    Tags

    TTPs

    Data from Local System, Credentials in Files
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    Tags

    TTPs

    Data from Local System, Credentials in Files
  • Accesses Microsoft Outlook profiles

    Tags

    TTPs

    Email Collection
  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder, Modify Registry

Related Tasks

MITRE ATT&CK Matrix (tactic columns)

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Privilege Escalation