General

  • Target

    2c28cf2416fd709cbf30c1dd438a80d7b5596b0da94f20942f42be468fcb9ae5

  • Size

    762KB

  • Sample

    231208-n1v7bsda8v

  • MD5

    ecbdafd28f9a6c955799243e3e386a42

  • SHA1

    bd4182e50083eb26adc9dc6b022a16f600b1ec4d

  • SHA256

    2c28cf2416fd709cbf30c1dd438a80d7b5596b0da94f20942f42be468fcb9ae5

  • SHA512

    bb441bef7b5a03807c2cd759239e95fb846b32f7436a6a52f2d8036eeb88f88003ede27fea7057724e451169edf26f7c65fe1ed19a81ae75be61feff2533634d

  • SSDEEP

    12288:kVjid7BR6wTuHWhblYlvHx9nwQAicPF3lsFZ8MLZUiMoQsh5cI/4m05sFhR0KbB/:2ipBt0/nBAicNlsFZbqlsv4AJ0KlXxp7

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.hltllc.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Hlt@36@Gr#8

Targets

    • Target

      2c28cf2416fd709cbf30c1dd438a80d7b5596b0da94f20942f42be468fcb9ae5


    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks