19790c444756285d67ed9894e2bef121e7b399984f4ed538aa1cd1e0f4ee9643

General

Target: 19790c444756285d67ed9894e2bef121e7b399984f4ed538aa1cd1e0f4ee9643
Size: 390KB
Sample: 220521-pyp3zabdgm
Score: 10/10
MD5: ea24d290411d212f77e8738e074db3b1
SHA1: 2dea9890185dfe8389bb963dcaf2c3906995a6d6
SHA256: 19790c444756285d67ed9894e2bef121e7b399984f4ed538aa1cd1e0f4ee9643
SHA512: df247880d117ebc1deadcfe51f33903ac56d6d9108a05be4fd65f6ed6c308ba6b2583cfbb96614478cebea3b84ff9906e565485e7e8be5bdfe421f37c80ef766

Malware Config

Extracted

Family: agenttesla
Credentials:
  Protocol: smtp
  Host: smtp.yandex.com
  Port: 587
  Username: mullarwhite@yandex.com
  Password: challenge12345@

Targets

Target: REQUEST FOR QUOTATION.exe
MD5: 2d02fc0bb28b135bd28dcd4b66447e3e
Filesize: 524KB
Score: 10/10
SHA1: eb509573abe7488ba23a02cb7326fa2f4e3d8c27
SHA256: 23f73a5c76d3f569e043322817d14f2618301b8ed17db3c52d26813b1a27b298
SHA512: a8ac57edce70b775823a2874439f89006ddf9d53de1cc901aad32ccc985d2d8f09f782bf88231cdc69c9e1df0136046012b3bbc4d8bc4a7e10a15626d356a26b

Signatures

  • AgentTesla
    Description: Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Accesses Microsoft Outlook profiles
    TTPs: Email Collection

  • Adds Run key to start application
    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Suspicious use of SetThreadContext
