General

  • Target

    yyyyyy.exe

  • Size

    942KB

  • Sample

    200630-en8nwt32vx

  • MD5

    ad520c8794875fc5dfa4e5db1f97b634

  • SHA1

    9b99a679b1d0df84f4f634ff16a182ee6086b44b

  • SHA256

    b58248fcc771ae21b12857d72462c26ae30f3234bd5095986079c7b807791fa6

  • SHA512

    b6792047c99a31e6d60f057f2b7b18a517fe97e7c55cdb510aa2344df283a6a5da0242887600a90fe1a6b9459fa424faeb4a6fb424fa6e3298b8ad378b428a13

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.materialsmiquel.com
  • Port:
    587
  • Username:
    antoni@materialsmiquel.com
  • Password:
    fa5pEpewrE8a

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.materialsmiquel.com
  • Port:
    587
  • Username:
    antoni@materialsmiquel.com
  • Password:
    fa5pEpewrE8a

Targets

    • Target

      yyyyyy.exe

    • Size

      942KB

    • MD5

      ad520c8794875fc5dfa4e5db1f97b634

    • SHA1

      9b99a679b1d0df84f4f634ff16a182ee6086b44b

    • SHA256

      b58248fcc771ae21b12857d72462c26ae30f3234bd5095986079c7b807791fa6

    • SHA512

      b6792047c99a31e6d60f057f2b7b18a517fe97e7c55cdb510aa2344df283a6a5da0242887600a90fe1a6b9459fa424faeb4a6fb424fa6e3298b8ad378b428a13

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • AgentTesla Payload

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

3
T1081

Collection

Data from Local System

3
T1005

Tasks