General

  • Target

    8514d154a5f48e8e686db29b65929c510877b21e22431f9f4b30b902ed1f4764

  • Size

    426KB

  • Sample

    231209-ccxjpsffb4

  • MD5

    d3b425f63632a27cf4242729fdeae97d

  • SHA1

    bfaf7533a988214066e5a872bd8f17ccfc37cc00

  • SHA256

    8514d154a5f48e8e686db29b65929c510877b21e22431f9f4b30b902ed1f4764

  • SHA512

    25a14479047cf78f75679150c513017afbde5e8572f95917ce24fa05d54077f4838d48aa305353cd7abe95014dd5e6fcb33d78ac2f7928c684237d2a9cbb6c37

  • SSDEEP

    6144:eKYVlXxA4AWiyJLeY+Js0OdOb2KwLOFnv5Cr8bQmP2iwgHQv5jkX:BYVxxA4AWtcTUiFv5Q8bQ

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.jaazgroup.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    cincin/123

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      NEW_PO_00000024230_pdf.exe

    • Size

      374KB

    • MD5

      99c48e1995ac17d9a080b9c52b71eb1a

    • SHA1

      03d6a2aff955f69c8f1dddb2a13ee978bbba1aa0

    • SHA256

      c401c219b72dad04c802d28d9b78984702779fa1faadb9743ce2bfa1e703389b

    • SHA512

      d6b88e37a6946d45b7ba8ae4ebc1b179a18d6bac9dbf7047197f272c1085364e87a09208ff5a999e9169ba7c9e35e5bd208c3206f276352fe26b9154fd144a54

    • SSDEEP

      6144:8KYVlXxA4AWiyJLeY+Js0OdOb2KwLOFnv5Cr8bQmP2iwgHQv5jkX:3YVxxA4AWtcTUiFv5Q8bQ

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks