General

  • Target

    8f3cb78bf3632816a1255f1d71836932.bin

  • Size

    299KB

  • Sample

    230328-ceernsac4t

  • MD5

    bf1d230510e36ed9f8cc6db2186d8fba

  • SHA1

    f9ec526e012c48bb35d5f1bfcae2449d97e7efad

  • SHA256

    caed372ea04ceaaf3e9615617ec7f06a3470c88b5324ceb6b5e4cdf8425799ec

  • SHA512

    b1f506a6c14eb2080afd04e69515a0b4af4aeab9b7326ff14da993245f25f6faafb15f806b2504bd5cc676525258c31ee10388409932b61e0eb912976276c6b0

  • SSDEEP

    6144:LXpYRDjEmDkvRq7sBodrtT/iFPiRhKNjXPqpKXdXAg3KSCeHLWQT:NGYXpUTOiRhEi8X5f3bCNQT

Malware Config

Extracted

  • Family

    agenttesla

  • C2

    https://api.telegram.org/bot6026888647:AAGb0kQIiX-9M6s_XEHToU4XcgyhOmF9JlI/

Targets

    • Target

      9570de55edd0673b943373c62f8933668173897cc3a9a7bd976636fae991b5e1.bin

    • Size

      747KB

    • MD5

      8f3cb78bf3632816a1255f1d71836932

    • SHA1

      c858c54d86f8b77118cb561dff239a870db0945a

    • SHA256

      9570de55edd0673b943373c62f8933668173897cc3a9a7bd976636fae991b5e1

    • SHA512

      8b6fe8ef129eda20fd6449a4c67caeff3b0858a2fc246ff230e28b57f03e4fde955faba20b23b20d5802c9506a811624cb6ed45f391ed4f65a3705796287eb2c

    • SSDEEP

      12288:sf14CfyiII23mtF2v700UyxUAvB/+QVKdPDgw:Pit2mA75UyxU6B/+QQdPDg

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (3 signatures) - T1081

  • Discovery

    Query Registry (1 signature) - T1012

    System Information Discovery (2 signatures) - T1082

  • Collection

    Data from Local System (3 signatures) - T1005

    Email Collection (1 signature) - T1114

Tasks