3345a4c46fec18ca55f32a05404a2ffdafdb6de93b000a1881da387e17a50b42

General

Target: 3345a4c46fec18ca55f32a05404a2ffdafdb6de93b000a1881da387e17a50b42
Size: 384KB
Sample: 220521-px5f9sgbe8
Score: 10/10
MD5: 3b1746728917ea3e5ba991574726be00
SHA1: e554c8046d6cf6039e457bc4167571ce748be69a
SHA256: 3345a4c46fec18ca55f32a05404a2ffdafdb6de93b000a1881da387e17a50b42
SHA512: cc32209fd2cf8ed6e66c80f070ab1cc5f061f1dec32f4f44d336e9acccf64fe17390fbdda43577a5a93ce89feba7c14770f6785cc94a372fd4afbbdae07ca71e

Malware Config

Extracted

Family: agenttesla
Credentials
  Protocol: smtp
  Host: mail.saamaygroup.com
  Port: 587
  Username: ashimdutta@saamaygroup.com
  Password: pawan100

Targets

Target: Payment Invoice-.exe
MD5: 0657f318a479e4ef02b4eb081ae1f8a4
Filesize: 417KB
Score: 10/10
SHA1: dbb0026898b304f2b90347e9240a9a39514a4936
SHA256: be21fe83f9230cc17ae46dc93ef917972b39f41da97ee9dfcd75099fc1b2b65d
SHA512: 7fec8f109d68b7b3ad1f76b3aef53ff02b37258d028b0f4ecbb748821f9b128308fc6094cbb403e787bbc71219c4f03ce9d028bc6c793b362c3a2f42c2f59506

Signatures

  • AgentTesla
    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Drops file in Drivers directory

  • Accesses Microsoft Outlook profiles
    TTPs: Email Collection

  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation