General

  • Target

    286a74a3334c854df367f5a885a38acb68a0a000526054ef8426d15779549474exe.exe

  • Size

    694KB

  • Sample

    231207-yg969agd6z

  • MD5

    239046147b36ff4763db827c7f9b6dc6

  • SHA1

    b21e17ce0b240f59d6681971071fb00952154a46

  • SHA256

    286a74a3334c854df367f5a885a38acb68a0a000526054ef8426d15779549474

  • SHA512

    de130ed39cd8f4c4294e1dea04d5019ec939b7bd82cef41b08dd248205c5394b5b7eb428ac2655be9d6486e7e237a7caf0542ff4ac4adf6442cfc4d6dc524c76

  • SSDEEP

    12288:4ueH5qGEWapltx5Vr1rzKp8TOQqT8IM+WzgqmpcmSLXUd5M2:MqbXpltpBKwFqT82aRmqQ5M2

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.ru
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    YAWALESS123@@kkk

Targets

    • Target

      286a74a3334c854df367f5a885a38acb68a0a000526054ef8426d15779549474exe.exe

    • Size

      694KB

    • MD5

      239046147b36ff4763db827c7f9b6dc6

    • SHA1

      b21e17ce0b240f59d6681971071fb00952154a46

    • SHA256

      286a74a3334c854df367f5a885a38acb68a0a000526054ef8426d15779549474

    • SHA512

      de130ed39cd8f4c4294e1dea04d5019ec939b7bd82cef41b08dd248205c5394b5b7eb428ac2655be9d6486e7e237a7caf0542ff4ac4adf6442cfc4d6dc524c76

    • SSDEEP

      12288:4ueH5qGEWapltx5Vr1rzKp8TOQqT8IM+WzgqmpcmSLXUd5M2:MqbXpltpBKwFqT82aRmqQ5M2

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks