Resubmissions

22-09-2022 17:18

220922-vt9vgafger 10

22-09-2022 11:00

220922-m38prsfacj 10

General

  • Target: afb480e4ad0324585f1bf3beec7b1b89729f2af125842dc2dab10565aa814abe.zip
  • Size: 93KB
  • Sample: 220922-m38prsfacj
  • MD5: d02738477499840c7ef92cb549831a22
  • SHA1: ddbcc645302d1a5cebed73baad72f031dc91399d
  • SHA256: ceb436c89789a91625a8810acc1483e842905dfe876c615e8085dbc07546ae3f
  • SHA512: 998f37f3a8b741bff3a638f29df02b19109064393ce0f6e2d77139a939b8b019072f9b957a8940801247e6272a77753201d5f7f63bbb456965a59f8eb0105e39
  • SSDEEP: 1536:TewvANYrZgC0uHfqoFK8eZ5MstrLZOzAXlmcE9FGxUwnhOWOI51+zjD4EKLw2Y7k:TewvANmgC0OfDK8e4YRO0XlmNzenwWnb

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: ftp
  • Host: %2B
  • Port: 21
  • Username: application/x-www-form-urlencoded
  • Password: image/jpg
C2

p=

https://api.telegram.org/bot1884223853:AAFLYXw5-3W9k1k0nY-fyJeUEh7dhx5xk78/

Targets

    • Target: afb480e4ad0324585f1bf3beec7b1b89729f2af125842dc2dab10565aa814abe.exe
    • Size: 209KB
    • MD5: ad41c36bff05858a722e1a2ec86b12c2
    • SHA1: 0ee3c514dfd440fb9b89300eeae38b65b2a0e547
    • SHA256: afb480e4ad0324585f1bf3beec7b1b89729f2af125842dc2dab10565aa814abe
    • SHA512: 85fcc657ec9f62c4b1899ba66745acc26c473898ca9ab3fa2a819ac562030836177e30b789956525a852905c98be11e283034b0f0809d8018226ce8d0496b00c
    • SSDEEP: 6144:w1hKe+BFESYjGEfJ+wCHUhWfEJAp4lkhap6DjPiIDeAmrvxOQe:w1Z+BFESYd4LEO3B

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs such as FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks