General

  • Target

    SecuriteInfo.com.Variant.Tedy.126089.31179.28520

  • Size

    1.0MB

  • Sample

    220725-lk4gnabhhr

  • MD5

    65abd0d33c1d0689c23d59685818c62e

  • SHA1

    2f68ceaff6e150b295581ca7aa87d6f69a10ea70

  • SHA256

    e563583b0bcc2d9fe2ea1af244f452acb1daa69aa3dd79e54dd5c35fc7e5f362

  • SHA512

    58ee273c009365ccb36f40e7a5eb00c3f66f5a6a28861d4818b6057219f0fe1791ca9d12aef8539ee84709d183099f5223460787627fc3bd5a5d67a7af871ce0

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.valvulasthermovalve.cl
  • Port:
    21
  • Username:
    cva19491@valvulasthermovalve.cl
  • Password:
    LILKOOLL14!!

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.valvulasthermovalve.cl/
  • Port:
    21
  • Username:
    cva19491@valvulasthermovalve.cl
  • Password:
    LILKOOLL14!!

Targets

    • Target

      SecuriteInfo.com.Variant.Tedy.126089.31179.28520

    • Size

      1.0MB

    • MD5

      65abd0d33c1d0689c23d59685818c62e

    • SHA1

      2f68ceaff6e150b295581ca7aa87d6f69a10ea70

    • SHA256

      e563583b0bcc2d9fe2ea1af244f452acb1daa69aa3dd79e54dd5c35fc7e5f362

    • SHA512

      58ee273c009365ccb36f40e7a5eb00c3f66f5a6a28861d4818b6057219f0fe1791ca9d12aef8539ee84709d183099f5223460787627fc3bd5a5d67a7af871ce0

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • suricata: ET MALWARE AgentTesla Exfil via FTP

      suricata: ET MALWARE AgentTesla Exfil via FTP

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

3
T1081

Collection

Data from Local System

3
T1005

Email Collection

1
T1114

Tasks