4d33581674e1cea0cd2a265543579349ee187def2c6df7bff74722689503bd90

General
Target

4d33581674e1cea0cd2a265543579349ee187def2c6df7bff74722689503bd90

Size

372KB

Sample

220521-pxdcsabdbk

Score
10 /10
MD5

c92cb1c0bd435ab469a5a95a86580c7e

SHA1

c9c53ccb26017a1f39b448fad48073dfc6ada949

SHA256

4d33581674e1cea0cd2a265543579349ee187def2c6df7bff74722689503bd90

SHA512

e9b1ea9ac9e6c06a8169d67e4202874948392b3a9dee160cd49e7884c73cba7f1218b8818026398fa56e469c5b648628591d65beeeb1578d04383f892ee926bc

Malware Config

Extracted

Family agenttesla
Credentials

Protocol: smtp

Host: smtp.annlap.com

Port: 587

Username: huverteamup@annlap.com

Password: Control84@
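The extracted config is the most actionable part of the report: the sample exfiltrates over SMTP to a hard-coded mailbox, so the host, port and username are network IOCs. The following is an added example (not code from the report or the sandbox) that parses the config block exactly as printed above and hunts for the exfil channel in Zeek-style JSON logs. The log records are constructed; the resolution of smtp.annlap.com to 203.0.113.10 is an assumption made for the example, not a fact the report states.

```python
"""Turn the extracted AgentTesla SMTP config into IOCs and hunt for them in
Zeek-style JSON logs.  Added example; not part of the sandbox report."""
import json
import re

# Extracted config, copied verbatim from the report's Malware Config section.
CONFIG_TEXT = """\
Family agenttesla
Protocol: smtp
Host: smtp.annlap.com
Port: 587
Username: huverteamup@annlap.com
Password: Control84@
"""

# Constructed dns.log / conn.log / smtp.log records (Zeek JSON shape).  The
# addresses are documentation ranges and the resolution of smtp.annlap.com to
# 203.0.113.10 is an assumption for the example, not a fact from the report.
SAMPLE_LOGS = [
    '{"_path":"dns","ts":1653148801.1,"id.orig_h":"10.0.0.25","query":"smtp.annlap.com","answers":["203.0.113.10"]}',
    '{"_path":"dns","ts":1653148802.0,"id.orig_h":"10.0.0.31","query":"smtp.office365.com","answers":["198.51.100.7"]}',
    '{"_path":"conn","ts":1653148803.2,"id.orig_h":"10.0.0.25","id.resp_h":"203.0.113.10","id.resp_p":587,"proto":"tcp","service":"smtp"}',
    '{"_path":"conn","ts":1653148803.5,"id.orig_h":"10.0.0.31","id.resp_h":"198.51.100.7","id.resp_p":587,"proto":"tcp","service":"smtp"}',
    '{"_path":"smtp","ts":1653148804.0,"id.orig_h":"10.0.0.25","id.resp_h":"203.0.113.10","mailfrom":"huverteamup@annlap.com","rcptto":["huverteamup@annlap.com"],"subject":"constructed subject"}',
    '{"_path":"conn","ts":1653148900.0,"id.orig_h":"10.0.0.40","id.resp_h":"203.0.113.10","id.resp_p":443,"proto":"tcp","service":"ssl"}',
]


def parse_config(text):
    """Parse the 'Key: value' / 'Key value' lines of the extracted config."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z]+):?\s+(.+?)\s*$", line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    cfg["port"] = int(cfg["port"])
    return cfg


def hunt(cfg, log_lines):
    """Return (ts, src_host, reason) for every record tied to the exfil channel."""
    host = cfg["host"].lower()
    port = cfg["port"]
    mailbox = cfg["username"].lower()
    records = [json.loads(line) for line in log_lines]
    hits = []

    # Pass 1: the report gives a hostname, not an IP; learn the IP(s) from our
    # own DNS logs so the conn.log matching is grounded in what clients saw.
    c2_ips = set()
    for r in records:
        if r.get("_path") == "dns" and r.get("query", "").lower() == host:
            c2_ips.update(r.get("answers", []))
            hits.append((r["ts"], r["id.orig_h"], f"DNS lookup of exfil host {host}"))

    # Pass 2: connections to those IPs on the configured port, and any SMTP
    # session that uses the hard-coded mailbox as sender or recipient.
    for r in records:
        path = r.get("_path")
        if path == "conn" and r.get("id.resp_h") in c2_ips and r.get("id.resp_p") == port:
            hits.append((r["ts"], r["id.orig_h"], f"SMTP connection to {r['id.resp_h']}:{port}"))
        elif path == "smtp":
            parties = {r.get("mailfrom", "").lower(), *(a.lower() for a in r.get("rcptto", []))}
            if mailbox in parties:
                hits.append((r["ts"], r["id.orig_h"], f"exfil mailbox {mailbox} used"))
    return sorted(hits)


def infected_hosts(hits):
    """Distinct internal sources that touched the exfil channel."""
    return sorted({src for _, src, _ in hits})


if __name__ == "__main__":
    config = parse_config(CONFIG_TEXT)
    for ts, src, reason in hunt(config, SAMPLE_LOGS):
        print(f"{ts:.1f} {src} {reason}")
    print("hosts to isolate:", infected_hosts(hunt(config, SAMPLE_LOGS)))
```

The port-specific match is deliberate: the mail host may sit on a shared provider IP, so the 443 connection from 10.0.0.40 is not flagged until the address is confirmed to be dedicated to the attacker. If the session negotiates STARTTLS, Zeek's smtp.log will not carry mailfrom, so the DNS and conn.log matches are the more robust indicators. The extracted username and password are attacker infrastructure to hunt for and report, not credentials to use.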

Targets
Target

UbTzPympGiUdkff.exe

MD5

802b118ff57572e15f3693056c9b4321

Filesize

507KB

Score
10/10
SHA1

cff1265315ec41c11b1d62dde2fe249ecf0d227a

SHA256

98aa25661d1240483f21cb7f2cdade8ba0ee681fef926ff56ef6ced2c4477527

SHA512

9076c6a6350a060d4e9ebaf0c76f1163eb0bc31121f1eefbeb6aa31c088af8dd960a2e0d1de73079f4d29fe70f59904759c97b12dca90f03e07c4deb932a5801

Tags

Signatures

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET.

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Description

    Tries to access configuration files associated with programs like FileZilla.

    TTPs

    Data from Local System (T1005), Credentials in Files (T1552.001)
  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk, where infostealers often target it.

    TTPs

    Data from Local System (T1005), Credentials in Files (T1552.001)
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials, cookies and form data.

    TTPs

    Data from Local System (T1005), Credentials in Files (T1552.001)
  • Accesses Microsoft Outlook profiles

    TTPs

    Email Collection (T1114)
  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder (T1547.001), Modify Registry (T1112)
  • Suspicious use of SetThreadContext

    Description

    Rewriting a thread's context (typically the entry point of a suspended, freshly created process) is a common step in process hollowing and other process injection techniques.
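A triage check for the "Adds Run key to start application" signature, added here as an example (not code from the report or from the sandbox). It parses a listing in the shape that `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` prints and flags entries whose program lives in a user-writable directory or carries a random-looking name. The listing is constructed; the UbTzPympGiUdkff value and its AppData\Roaming path are assumptions about what this sample's persistence could look like, since the report names only the dropped file and not the key or the copy's location.

```python
"""Flag suspicious autostart entries in `reg query ...\\Run` output.
Added example; not part of the sandbox report."""
import re

# Constructed listing in the shape `reg query` prints.  The UbTzPympGiUdkff
# entry and its path are assumptions for the example: the report names the
# dropped file but not the Run value or where the copy lives.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    UbTzPympGiUdkff    REG_SZ    "C:\Users\alice\AppData\Roaming\UbTzPympGiUdkff\UbTzPympGiUdkff.exe"
    Updater    REG_SZ    C:\Users\alice\AppData\Local\Temp\upd.exe /silent
    Teams    REG_SZ    C:\Program Files\Microsoft Teams\current\Teams.exe --system-initiated
"""

VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# Directories an unprivileged user can write to; a persistent binary living
# here is the common pattern for commodity stealers that copy themselves.
USER_WRITABLE = (
    "\\appdata\\roaming\\",
    "\\appdata\\local\\temp\\",
    "\\windows\\temp\\",
    "\\users\\public\\",
    "\\downloads\\",
    "\\programdata\\",
)


def executable_path(data):
    """Pull the program path out of a Run value's data (quoted or bare)."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    m = re.match(r"(.+?\.exe)\b", data, re.IGNORECASE)
    if m:
        return m.group(1)
    return data.split()[0] if data else ""


def looks_random(name):
    """Crude heuristic: long all-letter names with many case flips
    (UbTzPympGiUdkff) rather than words (OneDrive)."""
    if len(name) < 10 or not name.isalpha():
        return False
    flips = sum(1 for a, b in zip(name, name[1:]) if a.isupper() != b.isupper())
    return flips / len(name) >= 0.5


def triage_run_keys(reg_output):
    """Return the entries worth a closer look, with the reasons they matched."""
    findings = []
    for line in reg_output.splitlines():
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, path = m.group("name"), executable_path(m.group("data"))
        norm = path.replace("/", "\\").lower()
        basename = norm.split("\\")[-1].rsplit(".", 1)[0]
        reasons = []
        if any(d in norm for d in USER_WRITABLE):
            reasons.append("executable in user-writable location")
        # Check both the value name and the file name; the lower-cased basename
        # would never trip the case-flip heuristic, so test the original case.
        original_basename = path.replace("/", "\\").split("\\")[-1].rsplit(".", 1)[0]
        if looks_random(name) or looks_random(original_basename):
            reasons.append("random-looking name")
        if reasons:
            findings.append({"name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_run_keys(SAMPLE_REG_QUERY):
        print(f"{f['name']}: {f['path']}  <- {', '.join(f['reasons'])}")
```

Both heuristics are triage aids, not detections on their own: OneDrive legitimately autostarts from AppData\Local, and an installer can use an odd value name. Confirm a hit by hashing the referenced file against the MD5/SHA256 listed for the target above and by checking that the file still exists. The signature covers only the Run key; a full sweep also covers HKLM Run, RunOnce and the Startup folder, which the same TTP (T1547.001) includes.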

MITRE ATT&CK Matrix

Tactic columns shown in the report: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation. The techniques mapped for this sample are the TTPs listed under Signatures above.