019c37268b08ec8bdf64efc52f889ef1cc2e39d7fd45aa69fd2d22cb27e6b581

General
Target

019c37268b08ec8bdf64efc52f889ef1cc2e39d7fd45aa69fd2d22cb27e6b581

Size

615KB

Sample

220521-xls8vscad3

Score
10 /10
MD5

111e194d223926906ecea780f5a7a7f5

SHA1

bfc289366c5824f2d9cced4d6edf88cacdb77797

SHA256

019c37268b08ec8bdf64efc52f889ef1cc2e39d7fd45aa69fd2d22cb27e6b581

SHA512

fcf7f0a6ba29e3e488363e3379a7d72ee0b95b185b47c2d509c7384dc671d683cbc0d50de4f205b3a8fa3148cc7b9cb0b941d28b2cc3496e0673f41a54fc1657

Malware Config

Extracted

Family agenttesla
Credentials

Protocol: smtp

Host: smtp.yandex.com

Port: 587

Username: chuk5anderson@yandex.ru

Password: chukwudi123

Extracted

Credentials

Protocol: smtp

Host: smtp.yandex.com

Port: 587

Username: chuk5anderson@yandex.ru

Password: chukwudi123

Targets
Target

ARG 101.56-0.06 gauge.exe

MD5

30545d17881d0c3067ebc371dffa0730

Filesize

825KB

Score
10/10
SHA1

d9a148bf49b3cef4c5c5ee583b4973036c86c27e

SHA256

777e4e952b36fb4fc429e8338b14e09de7c0e076ab7aebe944e212c8087cfe39

SHA512

69fefe7cdee34cc54d81e9b7214c6027666889130226388e4a9de8ac88f192f86a6e92e4eb401b25c5d001cd6625f2aa194bae92dd4a2d884c0a4332671d2833

Tags

Signatures

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    Tags

  • AgentTesla Payload

  • Reads data files stored by FTP clients

    Description

    Tries to access configuration files associated with programs like FileZilla.

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk where infostealers will often target it.

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Accesses Microsoft Outlook profiles

    Tags

    TTPs

    Email Collection
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
      Discovery
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                    Privilege Escalation