3bb19d199fff596129f516833a34d060289387b11296c642f089282dc0c0e1e4

General
Target

3bb19d199fff596129f516833a34d060289387b11296c642f089282dc0c0e1e4

Size

1MB

Sample

220521-pxzk1sbdek

Score
10/10
MD5

cdea2db65aae814621336d740aa92924

SHA1

c6714c72354633c08595eddb6f010c1035f825bf

SHA256

3bb19d199fff596129f516833a34d060289387b11296c642f089282dc0c0e1e4

SHA512

0cacfdd12126c9dee62bcdcadea631fb4b299831f86648e84a9a940b788481dfdc2d28da4e6a8ebdfe5d6168906ad786bea6aa06e46614ca9c9aa4f66bd71676

Malware Config

Extracted

Family agenttesla
Credentials

Protocol: smtp

Host: smtp.yandex.ru

Port: 587

Username: miss.vostrickova2016@yandex.ru

Password: 3232908

Targets
Target

scan08312020.pdf .......exe

MD5

f13581b27fd5fc2225e0f62fae689970

Filesize

1MB

Score
10/10
SHA1

45739ac5a6a20d63b281e20a088214e3589020d5

SHA256

92bb0317bc220657af5e88c2382bb04150052319693a2ed90616bf65ff44467a

SHA512

9029fd8335f393ccd69b75871c61672d23af7a9f8fb77a14c68b00842d1a4822d2a7c3f9495026fac55a432f08b1c1b826f7a2145ad662aa1c1f7000b7ce98ea

Tags

Signatures

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    Tags

  • AgentTesla Payload

  • Checks computer location settings

    Description

    Looks up the country code configured in the registry, likely as a geofence check.

    TTPs

    Query Registry
    System Information Discovery
  • Accesses Microsoft Outlook profiles

    Tags

    TTPs

    Email Collection
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation