fc1f9c1a144bdf50c6ed493af4c2ed0025ff9740c4eee0d7d6fd47d488574a42

General
Target

fc1f9c1a144bdf50c6ed493af4c2ed0025ff9740c4eee0d7d6fd47d488574a42

Size

513KB

Sample

220521-xjcs4afbbp

Score

10/10
MD5

0baaf92ea61a914cc5d3288022bfaa09

SHA1

f59a41d0628a0da62ef500b76271e8653f2b1205

SHA256

fc1f9c1a144bdf50c6ed493af4c2ed0025ff9740c4eee0d7d6fd47d488574a42

SHA512

5512451c830cafcd646e883edd8690ff8d6a8636ac9361e4ba92471157ba67bda5a0d81833ca51b26dfd047d4afbaa5114290c53821e3e5cda866450b61dfa4e

Malware Config

Extracted

Credentials

Protocol: smtp

Host: smtp.yandex.com

Port: 587

Username: xyzax@yandex.com

Password: 2019conCT@

Targets
Target

Scanned Document for New Order.exe

MD5

25efd625b5087b05aa85145cbeeedd5d

Filesize

551KB

Score

10/10

SHA1

bb7435eca866d8f457da396e9e8785826267e95f

SHA256

c013bad7f656d8c4b7996af04a627c62b587946a8bf40fd12935664b4cb28c5e

SHA512

7cff4fae2f6589ac237e061a024d14d416876a63dce13a4898717f17ca57d152d33c210e72fd44a47c597ef055094dd068f6ff9c4f609b86380837029b674c81

Signatures

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Description

    Tries to access configuration files associated with programs like FileZilla.

    TTPs

    Data from Local System; Credentials in Files

  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk where infostealers will often target it.

    TTPs

    Data from Local System; Credentials in Files

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System; Credentials in Files

  • Accesses Microsoft Outlook profiles

    TTPs

    Email Collection

MITRE ATT&CK Matrix

Tactic columns (technique cells not preserved in this extract): Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation