General

  • Target

    df9f1737e1fd7d6d0794994ddbc7350be441b6d012ce43d35c795b8eb88dd30dz.rar

  • Size

    607KB

  • Sample

    231207-ybkdmsgc3w

  • MD5

    a27fee426caab391cc5c234ad3c05337

  • SHA1

    291145b01a2284963ed53cdd4fb735879a7b5455

  • SHA256

    df9f1737e1fd7d6d0794994ddbc7350be441b6d012ce43d35c795b8eb88dd30d

  • SHA512

    e3729ce14856f10a398af3930d6c59e1caf7ea1c5deca2cc68c829026ffc164d632e66cd4d471c8ee008d7b87099d24c1d97006ce7c012278ec5b2af39f31e77

  • SSDEEP

    12288:5WXxmr7O4IcUStXJKv74JSuLdOsZePmITYpe7ea7KAoRPTb/u6:mcuI1SGdVZePmOYpeZKXdv5

Malware Config

Extracted

Family

agenttesla

Credentials

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.abi0expertise.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Najwa1949!

Targets

    • Target

      Payment Advice - Advice Ref.exe

    • Size

      638KB

    • MD5

      a660077cbfed754a0dcca39d62394482

    • SHA1

      730639e3be1f23c2fc91146ea2b9255b512f64ba

    • SHA256

      810400151abc3b4720611355416884e908ea3bf489c5b3a70866a0b012afb04b

    • SHA512

      d06238133bad029eef2106ad614593cc1276b4eefd1ff01fcbf90273f1d99788261a046b6cd788b6e1559164a8af40289da059cd5820b5d99bd3173b2891cf36

    • SSDEEP

      12288:SLrQaueH5qMEgpD6ZoYrOrkMw9Un2Xz53yoZAxtEJ/+d5cxdi2RnEzATUs99Cu6m:SLpqMtDQCkf9HG3c9REEQg9A05

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks