40a48007e9bc524140d372814fcd7e03cbb2edd0689d03b4efe91aeefe7b7acd

General
Target

40a48007e9bc524140d372814fcd7e03cbb2edd0689d03b4efe91aeefe7b7acd

Size

364KB

Sample

220521-pxrkeagbd4

Score
10/10
MD5

17a7442de0c8ba25ceb7aaeb4a0c6610

SHA1

cf133f9a3a49567f3591734b250839043bd7d31d

SHA256

40a48007e9bc524140d372814fcd7e03cbb2edd0689d03b4efe91aeefe7b7acd

SHA512

e8e78d15a0ea3c819cce6961dc7117402b1db155f7ef74530d30a4b0df1f1135dd96f28e9c4452d2f4e348fb341f33daff4002e378e9ca2687cd339c7ed2039f

Malware Config

Extracted

Family agenttesla
Credentials

Protocol: smtp

Host: mail.parshavayealborz.com

Port: 587

Username: info@parshavayealborz.com

Password: P@rshava123456

Targets
Target

POs 097663899 NEW ORDER.r.exe

MD5

610a2a3c8ff25649bb8d64f028d657fe

Filesize

399KB

Score
10/10
SHA1

939d2ffc7e123a061c3ecae244f618f2303c8d29

SHA256

eea3d6de7952101ff57da6f48ea85ecdbaf71bf5027d0d20478021d842a21101

SHA512

2d0ab260a7bb2a04a6bb40b68b8d67f8444eaee650d5204b1dd92b2541e4241085cb01e802a73c9d6bc41af33c1b7591b5736bcc0253c247964e2c53ed7c62ba

Signatures

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (Visual Basic); this sample exfiltrates over SMTP using the credentials extracted above.

  • AgentTesla Payload

  • Drops file in Drivers directory

  • Accesses Microsoft Outlook profiles

    TTPs

    Email Collection

  • Suspicious use of SetThreadContext (consistent with the payload being injected into a suspended process)
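The values a responder actually uses from a report like this are the file hashes and the extracted SMTP exfiltration endpoint. The following Python is an added example (not part of the sandbox report) that turns them into a small IOC matcher: it hashes a file's bytes against the report's MD5/SHA1/SHA256/SHA512 values and scans JSON log records for the mail host and mailbox. The log lines are constructed and only loosely modelled on Zeek's JSON output (dns.log `query`, smtp.log `mailfrom`/`rcptto`, `id.resp_p`); the assumption that the SMTP `mailfrom` address equals the extracted username is the editor's, not something the report states.

```python
"""IOC matcher built from the report above (added example, not report code)."""
import hashlib
import json

# Hash values copied from the report (both the submitted sample and the
# dropped target "POs 097663899 NEW ORDER.r.exe").
REPORT_HASHES = {
    "md5": {"17a7442de0c8ba25ceb7aaeb4a0c6610",
            "610a2a3c8ff25649bb8d64f028d657fe"},
    "sha1": {"cf133f9a3a49567f3591734b250839043bd7d31d",
             "939d2ffc7e123a061c3ecae244f618f2303c8d29"},
    "sha256": {"40a48007e9bc524140d372814fcd7e03cbb2edd0689d03b4efe91aeefe7b7acd",
               "eea3d6de7952101ff57da6f48ea85ecdbaf71bf5027d0d20478021d842a21101"},
    "sha512": {"e8e78d15a0ea3c819cce6961dc7117402b1db155f7ef74530d30a4b0df1f1135dd96f28e9c4452d2f4e348fb341f33daff4002e378e9ca2687cd339c7ed2039f",
               "2d0ab260a7bb2a04a6bb40b68b8d67f8444eaee650d5204b1dd92b2541e4241085cb01e802a73c9d6bc41af33c1b7591b5736bcc0253c247964e2c53ed7c62ba"},
}
# Exfiltration endpoint from the extracted AgentTesla config.
EXFIL_HOST = "mail.parshavayealborz.com"
EXFIL_PORT = 587
EXFIL_USER = "info@parshavayealborz.com"


def file_digests(data: bytes) -> dict:
    """Hex digests of a file's contents for every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_matches(data: bytes) -> set:
    """Names of the algorithms under which `data` matches a report hash."""
    digests = file_digests(data)
    return {name for name, known in REPORT_HASHES.items() if digests[name] in known}


def classify(rec: dict):
    """Return (confidence, reason) for one log record, or None if it is clean.

    High confidence: DNS lookup of the mail host, or an SMTP session whose
    envelope addresses include the extracted mailbox (assumption: AgentTesla
    sends from the configured account). Low confidence: any other connection
    to tcp/587, which is ordinary mail submission and needs correlation.
    """
    query = str(rec.get("query", "")).rstrip(".").lower()
    if query == EXFIL_HOST:
        return ("high", "dns:" + query)
    addrs = [str(rec.get("mailfrom", ""))] + [str(a) for a in (rec.get("rcptto") or [])]
    if any(EXFIL_USER in a.lower() for a in addrs):
        return ("high", "smtp:" + EXFIL_USER)
    if rec.get("id.resp_p") == EXFIL_PORT:
        return ("low", "tcp/587 without matching mailbox or hostname")
    return None


def scan_log(text: str) -> list:
    """Scan newline-delimited JSON records; return [(uid, confidence, reason)]."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        result = classify(rec)
        if result is not None:
            hits.append((rec.get("uid", "?"),) + result)
    return hits


# Constructed sample log (not real traffic), Zeek-like JSON records.
SAMPLE_LOG = """\
{"ts": 1653048001.1, "uid": "C1", "id.orig_h": "10.0.0.5", "query": "mail.parshavayealborz.com", "qtype_name": "A"}
{"ts": 1653048002.4, "uid": "C2", "id.orig_h": "10.0.0.5", "id.resp_p": 587, "mailfrom": "info@parshavayealborz.com", "rcptto": ["info@parshavayealborz.com"]}
{"ts": 1653048003.0, "uid": "C3", "id.orig_h": "10.0.0.7", "id.resp_p": 587, "mailfrom": "alice@example.com", "rcptto": ["bob@example.com"]}
{"ts": 1653048004.0, "uid": "C4", "id.orig_h": "10.0.0.8", "query": "example.com", "qtype_name": "A"}
"""

if __name__ == "__main__":
    for uid, confidence, reason in scan_log(SAMPLE_LOG):
        print(uid, confidence, reason)
    print("report hashes matched by an empty file:", hash_matches(b""))
```

Only the DNS and mailbox matches should page anyone; the tcp/587 branch is there to show why port-only indicators from a report need a second signal before they become a detection.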

MITRE ATT&CK Matrix

Tactics (matrix columns): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Technique mapped on this page: Collection, Email Collection (T1114), from the "Accesses Microsoft Outlook profiles" signature