General

  • Target

    5b588fe0071eb3895c265ab150fe81f5afbda895abc432db1932945ed0d178a9

  • Size

    658KB

  • Sample

    231209-b6arcseadm

  • MD5

    fccf725ee0c93ef39179fc1fb494d3c9

  • SHA1

    1c3977388770e237bc4d80516f631477f73b2c6a

  • SHA256

    5b588fe0071eb3895c265ab150fe81f5afbda895abc432db1932945ed0d178a9

  • SHA512

    0f6a9cdaeef38e9795b1a883e9f159b057df5eda1e38884c384060eafd676804297c28fcd2208de234e2dccb45f7ad48ca0501753373eb6caa575ad650c2e6ca

  • SSDEEP

    12288:NsGDD/d6QNsoNYMolVU69h8txu9G2HRWSHyVYY5NmPCipQ+9:NsGDDidMoA69h8t09rRWSHMYY5o/6+9
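
The hash set above is what a responder actually checks a suspect file against. The following Python is an added example, not part of the sandbox report: it hashes a file once with all four algorithms in a single pass and compares the result with the report's digests. The digests are copied from this page; the `b"abc"` input used for the self-check is a constructed value, and SSDEEP is left out because it needs the non-standard `ssdeep` module.

```python
import hashlib
import sys
from typing import Dict, Iterable

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "fccf725ee0c93ef39179fc1fb494d3c9",
    "sha1": "1c3977388770e237bc4d80516f631477f73b2c6a",
    "sha256": "5b588fe0071eb3895c265ab150fe81f5afbda895abc432db1932945ed0d178a9",
    "sha512": (
        "0f6a9cdaeef38e9795b1a883e9f159b057df5eda1e38884c384060eafd676804"
        "297c28fcd2208de234e2dccb45f7ad48ca0501753373eb6caa575ad650c2e6ca"
    ),
}
ALGORITHMS = tuple(REPORT_HASHES)


def digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers so the file is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file from disk in 1 MiB chunks (fine for multi-GB captures)."""
    with open(path, "rb") as f:
        return digest_chunks(iter(lambda: f.read(chunk_size), b""))


def compare_with_report(digests: Dict[str, str],
                        report: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Per-algorithm verdict. A partial match (e.g. MD5 agrees, SHA256 does not)
    means a mis-copied indicator or a deliberately colliding file, never a
    genuine match, so the caller should require all of them to agree."""
    return {name: digests[name].lower() == report[name].lower() for name in report}


def is_reported_sample(digests: Dict[str, str],
                       report: Dict[str, str] = REPORT_HASHES) -> bool:
    return all(compare_with_report(digests, report).values())


if __name__ == "__main__":
    for path in sys.argv[1:]:
        d = digest_file(path)
        verdict = compare_with_report(d)
        print(path, "MATCH" if all(verdict.values()) else "no match", verdict)
```

Run it as `python3 check_sample.py suspect.bin`; a `False` in one algorithm alongside `True` in another is worth a second look at where the indicator was copied from.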

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    cp5ua.hyperhost.ua
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    7213575aceACE@#$
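
The extracted credentials are the attacker's own exfiltration mailbox, not victim data: Agent Tesla logs in to this SMTP server and mails out what it has harvested. On port 587 the session normally upgrades to TLS with STARTTLS, so the username and password will not appear in plaintext in a capture; what a network sensor does see is the DNS lookup and the outbound connection. The Python below is an added detection example (not from the report or the sandbox vendor) that runs two layered rules over constructed DNS and connection events: a high-severity hit on the configured host, and a medium-severity hunting rule for any workstation talking SMTP at all. The event format, the 10.0.0.x sources, the documentation-range destinations and the `10.0.0.8` mail relay are all constructed.

```python
from typing import Dict, Iterator, List, Optional

# Indicators copied from the extracted configuration above.
EXFIL_HOST = "cp5ua.hyperhost.ua"
EXFIL_PORT = 587
SMTP_PORTS = {25, 465, 587}

# Constructed events (not from the report): "kind,ts,src,dst_or_query,dport".
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges so no real
# infrastructure is named; 10.0.0.8 stands in for the site's legitimate relay.
SAMPLE_EVENTS = """\
dns,2023-12-09T10:01:02Z,10.0.0.25,cp5ua.hyperhost.ua,
conn,2023-12-09T10:01:03Z,10.0.0.25,203.0.113.10,587
conn,2023-12-09T10:01:05Z,10.0.0.25,198.51.100.7,443
conn,2023-12-09T10:02:00Z,10.0.0.8,198.51.100.25,25
conn,2023-12-09T10:03:11Z,10.0.0.31,198.51.100.9,587
dns,2023-12-09T10:03:12Z,10.0.0.31,updates.example.com,
"""


def parse_events(text: str) -> Iterator[Dict[str, Optional[str]]]:
    """Turn the constructed CSV-style lines into event dicts."""
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, ts, src, target, dport = line.split(",")
        yield {"kind": kind, "ts": ts, "src": src, "target": target,
               "dport": int(dport) if dport else None}


def detect(events: Iterator[Dict], mail_relays=frozenset({"10.0.0.8"})) -> List[Dict[str, str]]:
    """Rule 1 (high): any DNS query for the configured exfiltration host, and a
    later connection from that same source on the configured port.
    Rule 2 (medium): SMTP from anything that is not an approved mail relay;
    workstations have no business speaking SMTP directly, so this catches
    variants whose host differs from this sample's config."""
    looked_up = set()
    alerts: List[Dict[str, str]] = []
    for e in events:
        if e["kind"] == "dns" and e["target"].lower().rstrip(".") == EXFIL_HOST:
            looked_up.add(e["src"])
            alerts.append({"severity": "high", "rule": "agenttesla_exfil_dns",
                           "src": e["src"], "ts": e["ts"], "target": e["target"]})
        elif e["kind"] == "conn" and e["dport"] in SMTP_PORTS and e["src"] not in mail_relays:
            if e["src"] in looked_up and e["dport"] == EXFIL_PORT:
                rule, sev = "agenttesla_exfil_smtp", "high"
            else:
                rule, sev = "unexpected_outbound_smtp", "medium"
            alerts.append({"severity": sev, "rule": rule, "src": e["src"],
                           "ts": e["ts"], "target": f'{e["target"]}:{e["dport"]}'})
    return alerts


def run_sample() -> List[Dict[str, str]]:
    return detect(parse_events(SAMPLE_EVENTS))


if __name__ == "__main__":
    for a in run_sample():
        print(a["severity"].upper(), a["rule"], a["src"], "->", a["target"], a["ts"])
```

In the constructed data the workstation 10.0.0.25 triggers both high-severity rules, the relay 10.0.0.8 is ignored, and 10.0.0.31 raises only the generic outbound-SMTP alert. The mailbox password itself is mostly useful for reporting the account to the hosting provider and for pivoting: the same exfiltration mailbox is frequently reused across a campaign's samples.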

Extracted

Family

agenttesla

Targets

    • Target

      5b588fe0071eb3895c265ab150fe81f5afbda895abc432db1932945ed0d178a9

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests credentials, keystrokes and clipboard contents and sends them out over SMTP, FTP or HTTP, which is why the configuration extracted above is an SMTP account rather than a C2 address.

    • GuLoader, CloudEyE

      A shellcode-based downloader first seen in 2020, used to fetch and run a second-stage payload.

    • Loads dropped DLL

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
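
The three "Suspicious use of ..." signatures above are behavioural: `NtSetInformationThread` with class `ThreadHideFromDebugger` (0x11) and `NtCreateThreadEx` with `THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER` (0x4) make a thread invisible to an attached debugger, and `SetThreadContext` on a freshly created, suspended process whose memory has just been overwritten is the classic shape of process hollowing. The Python below is an added example, not the sandbox vendor's signature logic: it walks a constructed API-call trace and raises the same three findings. The constant values are the documented Windows ones; the trace records, handle values, PIDs and the `C:\constructed\host.exe` path are all constructed.

```python
from typing import Any, Dict, List

# Documented Windows values (THREADINFOCLASS and thread/process creation flags).
THREAD_HIDE_FROM_DEBUGGER = 0x11
THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER = 0x4
CREATE_SUSPENDED = 0x4

# Constructed API trace (not from the report's sandbox run): one record per call,
# in the order the monitored process issued them.
SAMPLE_TRACE: List[Dict[str, Any]] = [
    {"api": "NtSetInformationThread", "args": {"ThreadHandle": -2,
     "ThreadInformationClass": 0x11, "ThreadInformationLength": 0}},
    {"api": "NtCreateThreadEx", "args": {"ProcessHandle": -1, "CreateFlags": 0x4}},
    {"api": "CreateProcessW", "args": {"lpApplicationName": "C:\\constructed\\host.exe",
     "dwCreationFlags": 0x4}, "ret": {"dwProcessId": 5208, "hProcess": 0x1a4, "hThread": 0x1a8}},
    {"api": "NtUnmapViewOfSection", "args": {"ProcessHandle": 0x1a4}},
    {"api": "WriteProcessMemory", "args": {"hProcess": 0x1a4, "nSize": 0x26000}},
    {"api": "SetThreadContext", "args": {"hThread": 0x1a8}},
    {"api": "ResumeThread", "args": {"hThread": 0x1a8}},
]


def analyze_trace(trace: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Return findings for anti-debug thread flags and for the
    create-suspended / write / SetThreadContext / resume hollowing chain."""
    findings: List[Dict[str, Any]] = []
    suspended: Dict[int, Dict[str, Any]] = {}  # hThread -> state of that child
    for i, call in enumerate(trace):
        api, args, ret = call["api"], call.get("args", {}), call.get("ret", {})
        if api == "NtSetInformationThread" and \
                args.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
            findings.append({"index": i, "technique": "thread_hide_from_debugger",
                             "detail": f"ThreadHandle {args.get('ThreadHandle')}"})
        elif api == "NtCreateThreadEx" and \
                args.get("CreateFlags", 0) & THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER:
            findings.append({"index": i, "technique": "thread_created_hidden_from_debugger",
                             "detail": f"CreateFlags {args['CreateFlags']:#x}"})
        elif api.startswith("CreateProcess") and args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            # Remember the child so later calls on its handles can be correlated.
            suspended[ret["hThread"]] = {"pid": ret["dwProcessId"], "hProcess": ret["hProcess"],
                                         "image": args.get("lpApplicationName"),
                                         "written": False, "context_set": False}
        elif api == "WriteProcessMemory":
            for state in suspended.values():
                if state["hProcess"] == args.get("hProcess"):
                    state["written"] = True
        elif api == "SetThreadContext" and args.get("hThread") in suspended:
            suspended[args["hThread"]]["context_set"] = True
        elif api == "ResumeThread" and args.get("hThread") in suspended:
            state = suspended[args["hThread"]]
            if state["written"] and state["context_set"]:
                findings.append({"index": i, "technique": "suspended_process_thread_hijack",
                                 "pid": state["pid"],
                                 "detail": f"{state['image']} resumed after memory write and context change"})
    return findings


if __name__ == "__main__":
    for f in analyze_trace(SAMPLE_TRACE):
        print(f"[{f['index']}] {f['technique']}: {f['detail']}")
```

Requiring all three steps (write, `SetThreadContext`, resume) before reporting the hollowing finding keeps legitimate debuggers and CREATE_SUSPENDED launchers, which set a context without first overwriting the image, from tripping the rule.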
