General

  • Target

    tmp

  • Size

    858KB

  • Sample

    231207-x4433seg38

  • MD5

    d7ccd654ae1d4930c48652bc82d37120

  • SHA1

    2897d0512d2007620dcb6bf050efa33112093133

  • SHA256

    892d500a68b8bea757537fe603d7c217488f8526ec28f6dd52d85528ef9a1eb2

  • SHA512

    3fbf2a515053c9fbf7914166ec19f0c9cc3b269b3c1e59c3b28c751d0690ee22ddcd01dd09b0b7870072bf3260688dca8180da6ba26a7100d5fdffe4d5baef03

  • SSDEEP

    24576:1WNiEnfcWhwAQBWuqPL5olwjtAfXbgypF:6JThtQA/j5oyjtA/9pF

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.siscop.com.co
  • Port:
    21
  • Username:
    pedophile@siscop.com.co
  • Password:
    +5s48Ia2&-(t

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Guloader,Cloudeye

      A shellcode-based downloader, first seen in 2020.

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Tasks