General

  • Target: Delivery Note.rar

  • Size: 255KB

  • Sample: 231208-t6jndacgg5

  • MD5: 576793b5fb46246819debd10efdec957

  • SHA1: ebf12fb28586b9597085923878195a9e24d192d2

  • SHA256: db5fe4e4b01294d131cd68de0cb8acf346973de35d138224fd69ce33e129fb13

  • SHA512: f71494f19d420f585e32b9ff209762911302ef1efa0d23226757854c3f421e5c2fdd6c03b71ab64893a0273bb6ad64c4f494de009c3ef0ad681b7f27fb6e0123

  • SSDEEP: 6144:Ld2QvaPw5P4s+d1M3QNXzbAQ8c7rq+Q2kIKeq0yqsE3v5E:LwQvB5g/jMghkQg56yqskK

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6669461375:AAGwrSGDuGS4lzGe3ziI4ubZc9TzQ8r1m8o/

Targets

    • Target: afro76tyg.exe

    • Size: 334KB

    • MD5: 20ca3c6b39bae2b654b976d0577405d8

    • SHA1: 6eff448ec998ed4499f312b4ab93801a6707267a

    • SHA256: 897f63b1e9aa84952f2412533fece39161f4fb4ee3077ee5d430ffc13a4383c7

    • SHA512: 04a5f89053555e2a4fe86fa109fa5cebe42103acb4bc1d683b88c4a6095b4bcd6a18d492a019200991cf2affb74485330c0ae6a72ba6041254c512effe978b16

    • SSDEEP: 6144:hEkP48HVp1FKYWxDPzLyNMVDAcdfPg93Sw9Z7zLtX6s5kO+Bm9clq61:hEZ8HVpPKFSNI84493SWbXH5kSilq

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks