General

  • Target

    17606c677999cee477794956fc3f7496ecc4defcb24aed8a3571f70ea5b20088

  • Size

    760KB

  • Sample

    231209-b4bkwaeack

  • MD5

    3e32393a7b1d83de84b9b4833c1520f4

  • SHA1

    e68079f47470393806a6e5dfd555a3dbf09b590b

  • SHA256

    17606c677999cee477794956fc3f7496ecc4defcb24aed8a3571f70ea5b20088

  • SHA512

    586386b54a90bf3d3d172ba8cb815e92947f5bf52db99b809c92848b709defe6238afab81ae715dd7dcc75881ab219e384c96c5249153a39133b69c3a634953a

  • SSDEEP

    12288:WOSFja7XqkPETlYUcfgd4bJZyTY33a33S333333br70:Wy7tPpUxC26rg

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.privateemail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    12345asdfg@@@@@

Targets

    • Target

      1208_1_2023.exe

    • Size

      700KB

    • MD5

      f326fc9692962fc48ac24c2ddf53292b

    • SHA1

      5e380c0f55ff1615c481a043b4d45e7ce3523e84

    • SHA256

      5ccd3208f03a2b059b46c7c1434186942b1d30df15d370ad6103f85027ffd4cb

    • SHA512

      0627a36e09eaed94274fd22fc8d4b7cc58281625ba1a14f9bb80b7ad4d1964e39e28f141013ada5841e68643b15d2575f2fa72ffba2b47dc39e1d156dacc97a7

    • SSDEEP

      12288:ZOSFja7XqkPETlYUcfgd4bJZyTY33a33S333333br70:Zy7tPpUxC26rg

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, typically written in Visual Basic .NET, that harvests saved credentials and keystrokes and exfiltrates them over SMTP, FTP or HTTP; this sample's extracted config points at SMTP.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a suspended thread of another process is the usual way injected code (for example, a hollowed process image) is given control; ordinary applications rarely need it.
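
The behaviours listed above and the SMTP C2 from the Malware Config section can be expressed as simple detection logic. The following is an added example, not code from the report or the sandbox's own signature set: it applies those behaviours to a handful of constructed sandbox-style events. The FileZilla, Thunderbird, Firefox and Chrome paths and the IP-lookup hostnames are real, well-known locations; the event schema, process names, PIDs and the `MAIL_CLIENTS` allow-list are assumptions made for the example.

```python
"""Behaviour-signature matcher for sandbox-style events (added example).

The logic mirrors the behaviours named in the report (FTP-client config
reads, mail/browser profile reads, external IP lookup, SetThreadContext)
plus a network indicator built from the extracted SMTP C2. Event records
at the bottom are constructed for this example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Extracted C2 from the report's "Malware Config" section.
C2_SMTP_HOST = "mail.privateemail.com"
C2_SMTP_PORT = 587

# Processes that legitimately speak SMTP on a workstation (assumption).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# File-path signatures: case-insensitive regexes over the normalised
# (backslash, lower-cased) path, keyed by the report's behaviour name.
FILE_SIGNATURES = {
    "Reads data files stored by FTP clients": [
        r"\\filezilla\\(recentservers|sitemanager)\.xml$",
        r"\\winscp\.ini$",
    ],
    "Reads user/profile data of local email clients": [
        r"\\thunderbird\\profiles\\",
        r"\\microsoft\\outlook\\",
    ],
    "Reads user/profile data of web browsers": [
        r"\\google\\chrome\\user data\\.*\\login data$",
        r"\\mozilla\\firefox\\profiles\\.*\\(logins\.json|key4\.db)$",
    ],
}

# Public IP-lookup services commonly abused by infostealers.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ipinfo.io", "icanhazip.com"}


@dataclass
class Event:
    pid: int
    process: str
    kind: str    # "file", "api", "dns" or "connect" (assumed schema)
    value: str   # path, API name, hostname, or "host:port"


def _norm_path(path: str) -> str:
    return path.replace("/", "\\").lower()


def match_event(ev: Event) -> list[str]:
    """Return the behaviour names a single event triggers."""
    hits: list[str] = []
    if ev.kind == "file":
        path = _norm_path(ev.value)
        for name, patterns in FILE_SIGNATURES.items():
            if any(re.search(p, path) for p in patterns):
                hits.append(name)
    elif ev.kind == "api" and ev.value.lower() == "setthreadcontext":
        hits.append("Suspicious use of SetThreadContext")
    elif ev.kind == "dns" and ev.value.lower() in IP_LOOKUP_HOSTS:
        hits.append("Looks up external IP address via web service")
    elif ev.kind == "connect":
        host, _, port = ev.value.rpartition(":")
        if host.lower() == C2_SMTP_HOST and port == str(C2_SMTP_PORT):
            hits.append("Connects to extracted AgentTesla SMTP C2")
        elif port in {"25", "465", "587"} and ev.process.lower() not in MAIL_CLIENTS:
            hits.append("SMTP from non-mail-client process")
    return hits


def triage(events: list[Event]) -> dict[str, list[str]]:
    """Map each matched behaviour to the sorted 'process:pid' list that caused it."""
    report: dict[str, set[str]] = {}
    for ev in events:
        for name in match_event(ev):
            report.setdefault(name, set()).add(f"{ev.process}:{ev.pid}")
    return {k: sorted(v) for k, v in report.items()}


# Constructed events: one infected process plus benign noise.
SAMPLE_EVENTS = [
    Event(4120, "1208_1_2023.exe", "file", r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"),
    Event(4120, "1208_1_2023.exe", "file", r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abcd.default\logins.json"),
    Event(4120, "1208_1_2023.exe", "file", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event(4120, "1208_1_2023.exe", "api", "SetThreadContext"),
    Event(4120, "1208_1_2023.exe", "dns", "api.ipify.org"),
    Event(4120, "1208_1_2023.exe", "connect", "mail.privateemail.com:587"),
    Event(1880, "outlook.exe", "connect", "smtp.office365.com:587"),   # legitimate mail client
    Event(2044, "explorer.exe", "file", r"C:\Users\victim\Documents\notes.txt"),
]

if __name__ == "__main__":
    for behaviour, procs in triage(SAMPLE_EVENTS).items():
        print(f"{behaviour}: {', '.join(procs)}")
```

The generic "SMTP from non-mail-client process" rule is the one worth keeping after this sample's credentials are rotated: the C2 host and mailbox will change, but AgentTesla's SMTP exfiltration from an unexpected process will not.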

MITRE ATT&CK Enterprise v15

Tasks