3c82fbd85a69de84fc7cb404bdd1cb849925a7b6b1053a6572cfb2b610a93a39

General

Target: 3c82fbd85a69de84fc7cb404bdd1cb849925a7b6b1053a6572cfb2b610a93a39
Size: 365KB
Sample: 220521-pxycysbddq
Score: 10/10
MD5: d141b9a85cc5e2bfbb5ee251fca97dc7
SHA1: 121e499e586fa793ca6d8ee2fff42ff4df9009cc
SHA256: 3c82fbd85a69de84fc7cb404bdd1cb849925a7b6b1053a6572cfb2b610a93a39
SHA512: 80dac691d80a310b37c94fc031e9ef3657a287988eb4c37afe8d45955bbde492fa52259ffa40181772b33a8f1284202d11bef92f2f5482e04f2ee13a2e2e9737

Malware Config

Extracted

Family: agenttesla

Credentials

Protocol: smtp
Host: mail.pptoursperu.com
Port: 587
Username: info@pptoursperu.com
Password: mailppt2019-

Targets

Target: AWB DHL 6357297368.exe
MD5: 1221300c3d055641e3067c1699aa20e3
Filesize: 401KB
Score: 10/10
SHA1: 736fb0ca19750112c72dfb189b4dc0539303f45e
SHA256: addb2e3a02342b031f2313bfc910927b94904faed320fc4b52e4b8fec77d622b
SHA512: 7a4a365cc87d5d8acc68cceced203b48c2c63190e335294601e0c905fffc44ebc214aff2eb77cc352eafbb8c96fd000d9eed684746b7271560cda162ff935903

Tags

Signatures

  • AgentTesla
    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  • AgentTesla Payload
  • Drops file in Drivers directory
  • Accesses Microsoft Outlook profiles
    TTPs: Email Collection
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation