General

  • Target

    3ff802e875d54b64758cc2e91844a7d1d9c87c348dfc18604db5ee6dd856cca3

  • Size

    838KB

  • Sample

    221128-g7d33agc9y

  • MD5

    644ef0e96bb766efa2a3fe3a7dfb0d5c

  • SHA1

    76f4bc8da9ef0130175a93d29ec7f913a904934b

  • SHA256

    3ff802e875d54b64758cc2e91844a7d1d9c87c348dfc18604db5ee6dd856cca3

  • SHA512

    c75591011ff6542f4ab6018ba58163f4d69ba6bcda6af68bc22c68a87b0f9f08d5d2d19da01d23c53cec30eec702ee3fc90f70e219827011caea5dbbac373af2

  • SSDEEP

    12288:gg5VmNVT3J/0UNz5fPC6q1BQh/IObjfF7LLDEXlXY61XIOmM0uY:hLm3jJddnboDObjfxLXMVByx

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    tqzwrcdhriqzrjyb

Targets

    • Target

      3ff802e875d54b64758cc2e91844a7d1d9c87c348dfc18604db5ee6dd856cca3

    • Size

      838KB

    • MD5

      644ef0e96bb766efa2a3fe3a7dfb0d5c

    • SHA1

      76f4bc8da9ef0130175a93d29ec7f913a904934b

    • SHA256

      3ff802e875d54b64758cc2e91844a7d1d9c87c348dfc18604db5ee6dd856cca3

    • SHA512

      c75591011ff6542f4ab6018ba58163f4d69ba6bcda6af68bc22c68a87b0f9f08d5d2d19da01d23c53cec30eec702ee3fc90f70e219827011caea5dbbac373af2

    • SSDEEP

      12288:gg5VmNVT3J/0UNz5fPC6q1BQh/IObjfF7LLDEXlXY61XIOmM0uY:hLm3jJddnboDObjfxLXMVByx

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Collection

  • Email Collection (T1114): 1
