General

  • Target

    payment to new bank account.exe

  • Size

    447KB

  • Sample

    200624-w1qj7mvtze

  • MD5

    783f004a10ee4968177781da7c16afe6

  • SHA1

    86ba9ef1a91abf63cf9a3c6bcc7a67fa37e3494e

  • SHA256

    5a9f5848c0305a43cf26c3776ed1d4683fbc9d2f59349cd741efe792313affaa

  • SHA512

    9c3f1f4234691671b3852380feff86462675cc6c1c855ab2ed1cd0f6e83d6ca0bb377589df9b0af74211bf0046034cc59a30871931d51d1bfae6b2750a4845d3

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.ru
  • Port:
    587
  • Username:
    millersolomonjaja@yandex.ru
  • Password:
    solomon12345$$$1

Targets

    • Target

      payment to new bank account.exe

    • Size

      447KB

    • MD5

      783f004a10ee4968177781da7c16afe6

    • SHA1

      86ba9ef1a91abf63cf9a3c6bcc7a67fa37e3494e

    • SHA256

      5a9f5848c0305a43cf26c3776ed1d4683fbc9d2f59349cd741efe792313affaa

    • SHA512

      9c3f1f4234691671b3852380feff86462675cc6c1c855ab2ed1cd0f6e83d6ca0bb377589df9b0af74211bf0046034cc59a30871931d51d1bfae6b2750a4845d3

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

3
T1081

Collection

Data from Local System

3
T1005

Tasks