General

  • Target

    07bdcc618e9b9c026c2af7c49a4c2ec9.exe

  • Size

    774KB

  • Sample

    231207-vjmxysdh73

  • MD5

    07bdcc618e9b9c026c2af7c49a4c2ec9

  • SHA1

    9e1dc5f671c1aa1219dd5680bbc7d368e402945b

  • SHA256

    862b70eccf66509357985d1f207f5c7a05f4b9515ff8873723004cbecdcc5fd0

  • SHA512

    e1f4c62f18e2c2e7692c750f4ca58fe2da312904ac563d3cb5ba7152f4fe90b33eb3ac826e1c67f74aa67555d3fdc03c32a581df6206177622558c8cd7aaf394

  • SSDEEP

    12288:BGvmhkZ5shcSdqD8g31vJHOuhiYfgFkjMQl+1u36+ZFEj/8/xRZ:BbK/shZdq/NhhfgFG+P+ZFhH

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    cp5ua.hyperhost.ua
  • Port:
    587
  • Username:
    obilogs@hulkeng.xyz
  • Password:
    7213575aceACE@
  • Email To:
    obilogs@hulkeng.xyz

Targets

    • Target

      07bdcc618e9b9c026c2af7c49a4c2ec9.exe

    • Size

      774KB

    • MD5

      07bdcc618e9b9c026c2af7c49a4c2ec9

    • SHA1

      9e1dc5f671c1aa1219dd5680bbc7d368e402945b

    • SHA256

      862b70eccf66509357985d1f207f5c7a05f4b9515ff8873723004cbecdcc5fd0

    • SHA512

      e1f4c62f18e2c2e7692c750f4ca58fe2da312904ac563d3cb5ba7152f4fe90b33eb3ac826e1c67f74aa67555d3fdc03c32a581df6206177622558c8cd7aaf394

    • SSDEEP

      12288:BGvmhkZ5shcSdqD8g31vJHOuhiYfgFkjMQl+1u36+ZFEj/8/xRZ:BbK/shZdq/NhhfgFG+P+ZFhH

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Credential Access

Unsecured Credentials

3
T1552

Credentials In Files

3
T1552.001

Collection

Data from Local System

3
T1005

Tasks