General

  • Target

    ORDINE #96543-pdf.JS

  • Size

    4KB

  • Sample

    210121-fe2ja2aree

  • MD5

    cfa731241965fd4b24e01c24ded86b81

  • SHA1

    c53226dec303274857517fbaa9f406021e9f3d06

  • SHA256

    19ede2b8c1baf36ab7fe4b1182066248277c33df608545349adcb25317d2ca0b

  • SHA512

    57ac282c62f999eccf752d187934a51edf6cb4048441beed84160d0a5cebcc1a2fb8d30a428933535a22d84e36cd61845852cfd4e5e2b12c27f7028a4ebcded8

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.transdealer.cl/
  • Port:
    21
  • Username:
    originlogs2021@transdealer.cl
  • Password:
    wzQlkml^z^dd

Targets

    • Target

      ORDINE #96543-pdf.JS

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • System Information Discovery (T1082): 1
