General

  • Target

    Original invoice.exe

  • Size

    799KB

  • Sample

    200712-wldh3d8z76

  • MD5

    903746d6c18aef7b3acbf91fb0b1ba11

  • SHA1

    7712236e9d81cc5654023d7a21b0a518ea2b53d9

  • SHA256

    1debc399539d6dddfa7522dbf42b2ade7d0e56179588fae9f144301a84629e50

  • SHA512

    794e32b00aeda08552e8c05a94ded42b135f605d86dfe0d9d8f4cdbc0630226d1f957913d555f50efc638499aa75c8cad924cf1158bb96f9232d29fe0b4eb18a

Malware Config

Extracted

  • Family
    agenttesla
  • Credentials
    • Protocol: smtp
    • Host: mail.amberresidenceng.com
    • Port: 587
    • Username: reservations@amberresidenceng.com
    • Password: Amber_2017

Targets

    • Target

      Original invoice.exe

    • Size

      799KB

    • MD5

      903746d6c18aef7b3acbf91fb0b1ba11

    • SHA1

      7712236e9d81cc5654023d7a21b0a518ea2b53d9

    • SHA256

      1debc399539d6dddfa7522dbf42b2ade7d0e56179588fae9f144301a84629e50

    • SHA512

      794e32b00aeda08552e8c05a94ded42b135f605d86dfe0d9d8f4cdbc0630226d1f957913d555f50efc638499aa75c8cad924cf1158bb96f9232d29fe0b4eb18a

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution
    T1053 Scheduled Task (1)
  • Persistence
    T1060 Registry Run Keys / Startup Folder (1)
    T1053 Scheduled Task (1)
  • Privilege Escalation
    T1053 Scheduled Task (1)
  • Defense Evasion
    T1112 Modify Registry (2)
  • Discovery
    T1082 System Information Discovery (1)

Tasks