General

  • Target

    2abf2a8978d75c05076b1b55593d4c619ff6fcb92146340d72f76aa9e8bed47c

  • Size

    418KB

  • Sample

    211018-gjq3qadbc6

  • MD5

    4be25332520b26fccaf19093613142a8

  • SHA1

    33c32233015f2621f62c060f2f343e19484bbbda

  • SHA256

    2abf2a8978d75c05076b1b55593d4c619ff6fcb92146340d72f76aa9e8bed47c

  • SHA512

    b59e75fd695e3eb5404a14bb995a65757653818c106e81adfdadab82948aa79a412b001b5f4b99dc2e7ede03a56ee7d5ac8dae79ec37b10185b32a2f4efc8bd3

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: smtp.lko-import.de
  • Port: 587
  • Username: [email protected]
  • Password: TVMHSiW5

Targets

    • Target

      2abf2a8978d75c05076b1b55593d4c619ff6fcb92146340d72f76aa9e8bed47c

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6