General

  • Target: 3cc22a1ec55d679078a0420d0aa35f69
  • Size: 1017KB
  • Sample: 210624-sbkg3g97ns
  • MD5: 3cc22a1ec55d679078a0420d0aa35f69
  • SHA1: ccb7c76b70c18f09694eb7643b17512701bf7ac9
  • SHA256: fa2a3d2d878502749a5c8b01a6244a8b9e2b7f0cb3b9d0d85cadc2a8dcb5a8dc
  • SHA512: bf19261b1619623500959dc9b94fb767790029ae508a6f5f6d3b514659a0db25d147330d0467a81d53dfd6dd582934591b4b62ce60c4df0ebbc704edf671d24c

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: ftp
  • Host: ftp://ftp.austrianhaus.com/
  • Port: 21
  • Username: wx@austrianhaus.com
  • Password: 740583Dd

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scripting (T1064), 1
  • Defense Evasion: Scripting (T1064), 1

Tasks