General

  • Target

    b31c4835e17587d6b1f5f170da84abb8130519be8ea3fc5da07d47f548ffa18b

  • Size

    1.2MB

  • Sample

    231209-bj4e6adhak

  • MD5

    99471b98351a369f4b5114cdf32223fc

  • SHA1

    64fb6a3a48d6bcfb6f7e65b9686893a28e5b62b7

  • SHA256

    b31c4835e17587d6b1f5f170da84abb8130519be8ea3fc5da07d47f548ffa18b

  • SHA512

    f33ea337191211a8bf9636389d2f45312e016eb833722ae9610bd1660bac70da2bb54e6381dd20a1c99cc897f7f404923305efd4b173e75881529c88326d4996

  • SSDEEP

    12288:twFGHEOFmZPT0TRoi+kXjhk5na5hylgimtdYM3O0V7bbn:t5HEOOPOaMd4na2lgZtub0V7

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.vvspijkenisse.nl
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    playingboyz231

Targets

    • Target

      Sutarčių analizė-pdf.exe

    • Size

      711KB

    • MD5

      102714cb47ab0624d79ed174a8231ad6

    • SHA1

      8991d7808c89d2c6209322b20ea4a8b75f78fb44

    • SHA256

      0da1ad1d456b5b7a028efcbfd9c3ee45af7c6830c87c1e7469faa089dbb0fe7e

    • SHA512

      7467ec91c266be688bf97f92a72068bf3271b1c58bf7ded76fce89fa93a8c06d631727b68c4938df57dbab3f0a07a0f6820f3587e87155a77e9d424e288b9bf2

    • SSDEEP

      12288:twFGHEOFmZPT0TRoi+kXjhk5na5hylgimtdYM3O0V7bbnL:t5HEOOPOaMd4na2lgZtub0V7z

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks