dc5688e382c2b6703dac78213f9ef156b2be33ee44aa3bc724a3858b9517677e

General
Target

dc5688e382c2b6703dac78213f9ef156b2be33ee44aa3bc724a3858b9517677e

Size

401KB

Sample

220521-xl4dtsfchj

Score
10/10
MD5

44f80c62b4958cc95860224850f1a21f

SHA1

4ebfa4fd6372b5d19cbe566cca1543efe1e08e08

SHA256

dc5688e382c2b6703dac78213f9ef156b2be33ee44aa3bc724a3858b9517677e

SHA512

812b9dd03852ed055e4ee2bb962ad67c2a6d74fd6c3570977b6f3124855869094e7f9132ee56a195ae78948db9959a771e6e860fbb60b9634737b7cd127cafd2

Malware Config

Extracted

Family agenttesla
Credentials

Protocol: smtp

Host: secure231.servconfig.com

Port: 587

Username: info@eltaef.com

Password: eltaefSH6548883

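The extracted configuration is the sample's exfiltration channel: Agent Tesla logs into the configured mailbox over SMTP submission (port 587) and mails the stolen data out, so the host, port and account are directly usable as network indicators (the password belongs to the operator's mailbox and is an abuse-report item, not something to test). The following is an added example, not part of the sandbox report or any vendor tooling: it turns those indicators into a check over Zeek-style smtp.log records. The log lines, the IP-to-hostname map and the 203.0.113.x addresses are constructed for illustration; the column layout follows the first nine fields of Zeek's default smtp.log.

```python
"""Network detection built from the extracted Agent Tesla SMTP config.

Added example; not part of the sandbox report or of any vendor tooling.
Indicator values are copied from the report's extracted config. The Zeek-style
smtp.log lines and the IP-to-hostname map below are constructed; the
203.0.113.x addresses are documentation-range placeholders, not the real server.
"""
from __future__ import annotations
from dataclasses import dataclass

# Indicators from the extracted configuration above.
EXFIL_HOST = "secure231.servconfig.com"
EXFIL_PORT = 587
EXFIL_USER = "info@eltaef.com"

# First nine columns of Zeek's default smtp.log layout (the rest are ignored).
FIELDS = ("ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
          "trans_depth", "helo", "mailfrom")


@dataclass(frozen=True)
class SmtpEvent:
    ts: str
    uid: str
    orig_h: str
    orig_p: int
    resp_h: str
    resp_p: int
    helo: str
    mailfrom: str  # normalised: angle brackets stripped, lower-cased


def parse_smtp_log(text: str) -> list[SmtpEvent]:
    """Parse tab-separated smtp.log lines, skipping Zeek '#' header lines."""
    events = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        cols = line.split("\t")
        if len(cols) < len(FIELDS):
            continue  # truncated record: ignore rather than crash the sweep
        rec = dict(zip(FIELDS, cols))
        events.append(SmtpEvent(
            ts=rec["ts"], uid=rec["uid"],
            orig_h=rec["id.orig_h"], orig_p=int(rec["id.orig_p"]),
            resp_h=rec["id.resp_h"], resp_p=int(rec["id.resp_p"]),
            helo=rec["helo"], mailfrom=rec["mailfrom"].strip("<>").lower(),
        ))
    return events


def match_reasons(ev: SmtpEvent, resolved: dict[str, str]) -> list[str]:
    """Return why a session matches the Agent Tesla exfil profile (empty if it doesn't).

    `resolved` maps destination IP -> hostname (e.g. joined from dns.log), because
    smtp.log itself only carries the IP of the mail server.
    """
    reasons = []
    if ev.resp_p == EXFIL_PORT and resolved.get(ev.resp_h, "").lower() == EXFIL_HOST:
        reasons.append(f"submission to {EXFIL_HOST}:{EXFIL_PORT}")
    if ev.mailfrom == EXFIL_USER:
        reasons.append(f"MAIL FROM {EXFIL_USER}")
    return reasons


def find_exfil_sessions(log_text: str, resolved: dict[str, str]) -> dict[str, list[str]]:
    """Map Zeek uid -> match reasons for every session hitting at least one indicator."""
    hits: dict[str, list[str]] = {}
    for ev in parse_smtp_log(log_text):
        reasons = match_reasons(ev, resolved)
        if reasons:
            hits[ev.uid] = reasons
    return hits


# Constructed sample data (not captured traffic).
RESOLVED = {"203.0.113.25": "secure231.servconfig.com",
            "203.0.113.80": "mail.example.org"}
SAMPLE_LOG = "\n".join([
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\ttrans_depth\thelo\tmailfrom",
    "1653130001.1\tC1aaaa\t10.0.0.7\t49812\t203.0.113.25\t587\t1\tDESKTOP-1\t<info@eltaef.com>",
    "1653130002.5\tC2bbbb\t10.0.0.9\t49901\t203.0.113.80\t587\t1\tlaptop\t<alice@example.org>",
    "1653130003.9\tC3cccc\t10.0.0.7\t49877\t203.0.113.80\t25\t1\tDESKTOP-1\t<INFO@eltaef.com>",
])

if __name__ == "__main__":
    for uid, why in find_exfil_sessions(SAMPLE_LOG, RESOLVED).items():
        print(uid, "->", "; ".join(why))
```

The two indicators are deliberately independent: the operator can re-point the config at a different mail server without changing the mailbox, and a TLS-wrapped session on 587 will show no MAIL FROM in smtp.log, so the destination match still fires on its own.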

Targets
Target

SSCN_12462020pdf.exe

MD5

33d17dffd1221cd066f45811323b44b1

Filesize

444KB

Score
10/10
SHA1

4412bb573391d3466ba49d0d0451d0bb73b245c8

SHA256

ba2937327a241e543cddc12d8c1648db557d5408cc4fe8d06a5261d2d96896ca

SHA512

b7f6c51325171a8d3d6b89c07ebf6715f74ba4fa19bd62f781719c540494a18c0c659301957b34c6bce4ea5f7cf837fe6f299d7a56d8f97e2cc54bd62b3ae8dd

Signatures

  • AgentTesla

    Description

    Agent Tesla is a .NET-based information stealer and remote access tool (RAT); early versions were written in Visual Basic .NET. It harvests credentials from browsers, mail and FTP clients and exfiltrates them, in this sample's configuration, over SMTP.

  • AgentTesla Payload

  • Checks computer location settings

    Description

    Looks up the country code configured in the registry, most likely a geofence check that lets the malware refuse to run in selected countries.

    TTPs

    Query Registry, System Information Discovery
  • Reads data files stored by FTP clients

    Description

    Tries to access configuration files associated with programs like FileZilla.

    TTPs

    Data from Local System, Credentials in Files
  • Reads user/profile data of local email clients

    Description

    Email clients store account data, including saved passwords, on disk, where infostealers commonly target it.

    TTPs

    Data from Local System, Credentials in Files
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    TTPs

    Data from Local System, Credentials in Files
  • Accesses Microsoft Outlook profiles

    TTPs

    Email Collection
  • Suspicious use of SetThreadContext

    Description

    Setting the context of a thread in another process is a common step in process hollowing and other code-injection techniques, where a suspended process is re-pointed at an injected payload.
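The four credential-access signatures above describe one behaviour: a single process sweeping the on-disk stores of FTP clients, browsers and mail clients in one run, alongside the registry geofence lookup. Any one of those reads is normal on its own (Firefox reads its own logins.json), so a useful host detection counts distinct store categories per process rather than matching a single path. The following is an added example, not part of the sandbox report or of any vendor tooling: it scores constructed Sysmon-like file and registry read events against that pattern. The artifact paths (FileZilla sitemanager.xml and recentservers.xml, Chromium "Login Data", Firefox and Thunderbird logins.json, the Outlook Profiles key, and Control Panel\International\Geo\Nation) are the well-known locations from general knowledge, not taken from the report; the event format and directory names are assumptions for the example.

```python
"""Score a process's file/registry reads against the credential-theft pattern
the sandbox signatures describe.

Added example; not part of the sandbox report. The event lines are constructed
(Sysmon-like: event type, PID, image, target path). The artifact paths are the
well-known locations of FileZilla site data, Chromium/Firefox/Thunderbird
credential stores, the Outlook profile key and the Windows Geo\\Nation value,
listed from general knowledge rather than taken from the report.
"""
from __future__ import annotations
import re

# Category -> regexes over the accessed path or registry key (case-insensitive).
ARTIFACTS: dict[str, list[str]] = {
    "ftp_client":   [r"\\FileZilla\\(sitemanager|recentservers)\.xml$"],
    "browser":      [r"\\User Data\\[^\\]+\\Login Data$",                    # Chromium family
                     r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\logins\.json$"],
    "email_client": [r"\\Thunderbird\\Profiles\\[^\\]+\\logins\.json$",
                     r"\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles\\"],
    "geo_check":    [r"\\Control Panel\\International\\Geo\\Nation$"],
}
COMPILED = {cat: [re.compile(p, re.I) for p in pats] for cat, pats in ARTIFACTS.items()}

# Assumed event line shape: "<FileRead|RegQuery> pid=<n> image=<path> target=<path>"
EVENT_RE = re.compile(
    r"^(?P<etype>FileRead|RegQuery)\s+pid=(?P<pid>\d+)\s+image=(?P<image>.+?)\s+target=(?P<target>.+)$"
)


def categorize(target: str) -> str | None:
    """Return the artifact category a path belongs to, or None if it is uninteresting."""
    for cat, pats in COMPILED.items():
        if any(p.search(target) for p in pats):
            return cat
    return None


def score_processes(events: str, threshold: int = 2) -> dict[int, dict]:
    """Summarise reads per PID; keep processes touching >= threshold distinct credential stores.

    The geofence lookup is reported but not counted toward the threshold: it is
    corroborating context, not a credential store.
    """
    seen: dict[int, dict] = {}
    for line in events.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        cat = categorize(m["target"])
        if cat is None:
            continue
        entry = seen.setdefault(int(m["pid"]), {"image": m["image"], "cats": set(), "targets": []})
        entry["cats"].add(cat)
        entry["targets"].append(m["target"])

    flagged: dict[int, dict] = {}
    for pid, e in seen.items():
        stores = sorted(e["cats"] - {"geo_check"})
        if len(stores) >= threshold:
            flagged[pid] = {
                "image": e["image"],
                "credential_stores": stores,
                "geofence_lookup": "geo_check" in e["cats"],
                "targets": e["targets"],
            }
    return flagged


# Constructed sample events (not sandbox output). PID 4120 is the stealer-like
# process; 7788 is Firefox reading its own store; 5120 is unrelated activity.
SAMPLE_EVENTS = "\n".join([
    r"RegQuery pid=4120 image=C:\Users\bob\AppData\Local\Temp\SSCN_12462020pdf.exe target=HKCU\Control Panel\International\Geo\Nation",
    r"FileRead pid=4120 image=C:\Users\bob\AppData\Local\Temp\SSCN_12462020pdf.exe target=C:\Users\bob\AppData\Roaming\FileZilla\recentservers.xml",
    r"FileRead pid=4120 image=C:\Users\bob\AppData\Local\Temp\SSCN_12462020pdf.exe target=C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"RegQuery pid=4120 image=C:\Users\bob\AppData\Local\Temp\SSCN_12462020pdf.exe target=HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook",
    r"FileRead pid=7788 image=C:\Program Files\Mozilla Firefox\firefox.exe target=C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json",
    r"FileRead pid=5120 image=C:\Windows\explorer.exe target=C:\Users\bob\Documents\notes.txt",
])

if __name__ == "__main__":
    for pid, summary in score_processes(SAMPLE_EVENTS).items():
        print(pid, summary["image"], summary["credential_stores"],
              "geofence" if summary["geofence_lookup"] else "")
```

Lowering `threshold` to 1 turns this into a plain path watchlist and reintroduces the false positives the per-process count is there to suppress; the more useful tuning is an allow-list keyed on image path for the legitimate owner of each store.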

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation