63b7eef7d3ee93a921ba7c846d2051d74c42d86dc50b92a339353984b0554a18

General
Target

63b7eef7d3ee93a921ba7c846d2051d74c42d86dc50b92a339353984b0554a18

Size

453KB

Sample

220521-pwwsqsbchk

Score
10 /10
MD5

729f4af4bf6ca02c94c625a735d4c084

SHA1

f3f982b714c3e51eed05775ff47378ae59de5d9a

SHA256

63b7eef7d3ee93a921ba7c846d2051d74c42d86dc50b92a339353984b0554a18

SHA512

fd409251ba4c49780cddec230904566ae68943bb7016c5cc60afe166f88c548fa1ed2c9193512461a2249a6b08a62c97bbff909a6540d3c3bc7cf58246944d85

Malware Config

Extracted

Family agenttesla
Credentials

Protocol: smtp

Host: smtp.moorefundz.com

Port: 587

Username: evra@moorefundz.com

Password: g7g2Ig?Aeh_+

Targets
Target

6月份副料請款明細 高士丰 - TAIEASY.exe

MD5

81a9fd9492afb0f0d7bea535b1ef201a

Filesize

487KB

Score
10/10
SHA1

daae7e3c956973ef70278f3bec0f962df847e853

SHA256

4e9e93f2212fe68f3a0ffe0a1eb732413efd85cc3e94d6d62ebc9558dd8b957c

SHA512

c1095cb393d4b877629029676839c47dffc64aece9b9c09cea5228a9f2e2b19337008b3b0045eb7102def563c71b7681c3420d73e4ae62666f7d2f41d0dbf2fa

Tags

Signatures

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    Tags

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Description

    Tries to access configuration files associated with programs like FileZilla.

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk where infostealers will often target it.

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Accesses Microsoft Outlook profiles

    Tags

    TTPs

    Email Collection
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
      Discovery
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                    Privilege Escalation