General

  • Target

    cf8a0aa897bf7afe4415e5a8dd65e5b4c00b9a787a4b1cdec48dd59d5d8048f2

  • Size

    172KB

  • Sample

    231209-chf4xaffe2

  • MD5

    e63736194712fd0770fcf5e43b012c5a

  • SHA1

    3bfbcc780b00d7c9e0561bb604cbeb25161ddc4f

  • SHA256

    cf8a0aa897bf7afe4415e5a8dd65e5b4c00b9a787a4b1cdec48dd59d5d8048f2

  • SHA512

    47885a93e5c948c1c4bf41c2c48f6011dd85ffc81b25955d5faa1e1b5c84ea9468adea36dc8209cd0130827a72f62907bd33b14e4934dd72fa7af0ee90522dc1

  • SSDEEP

    3072:oqv04c6tuZFXWpboyW/r2X5HSeLK7MIESzL1ymd4x0EK8365yD7yP:B/c6EZVYkT2pHDLK4wJylx0El38yD

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.etasimali.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    RECRUTEMENT@2023

Extracted

Family

agenttesla

Targets

    • Target

      cf8a0aa897bf7afe4415e5a8dd65e5b4c00b9a787a4b1cdec48dd59d5d8048f2

    • AgentTesla

      Agent Tesla is a .NET-based remote access trojan (RAT) and information stealer; its early builds were written in Visual Basic .NET. It harvests credentials from browsers, mail and FTP clients, logs keystrokes and takes screenshots, then exfiltrates the results over SMTP, FTP, HTTP or Telegram. The SMTP credentials extracted above are this sample's exfiltration channel: collected data is sent through mail.etasimali.com on port 587 (STARTTLS submission) using the listed account.

    • Looks up external IP address via web service

      Uses a legitimate public IP lookup service to learn the infected system's external IP address, which Agent Tesla includes in its exfiltrated reports to identify the victim. Because the service itself is benign, the useful detection signal is the combination of the requesting process (an unsigned binary from a user-writable path) with the outbound SMTP connection that follows.

    • Suspicious use of SetThreadContext

      SetThreadContext is called to redirect the execution of a (typically suspended) thread to attacker-controlled code. Together with CreateProcess in a suspended state and WriteProcessMemory it is the classic process hollowing / injection pattern, which Agent Tesla loaders use to run the unpacked payload inside a legitimate-looking process.

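The two network behaviours this report flags, an external IP lookup followed by SMTP traffic to the extracted C2 mailbox host, can be turned into a small host-side detection. The following Python is an added example written for this page, not code from the sandbox or from the Agent Tesla family; the log format, process paths, the list of IP-lookup hosts and the mail-client allow-list are assumptions constructed for the demo, and only mail.etasimali.com:587 is taken from the extracted config.

```python
"""Flag IP-lookup-then-SMTP behaviour in constructed network-connection events.

Added example (not part of the sandbox report). Each log line is a simplified,
hypothetical Sysmon Event ID 3 record: image|destination_host|destination_port.
"""
from collections import defaultdict
import ntpath

# Constructed sample events (hypothetical paths and hosts, not from the report).
SAMPLE_LOG = """\
C:\\Users\\u\\AppData\\Local\\Temp\\invoice.exe|checkip.dyndns.org|80
C:\\Users\\u\\AppData\\Local\\Temp\\invoice.exe|mail.etasimali.com|587
C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE|smtp.office365.com|587
C:\\Windows\\System32\\svchost.exe|update.microsoft.com|443
"""

SMTP_IOC_HOSTS = {"mail.etasimali.com"}            # from the extracted config
SMTP_PORTS = {25, 465, 587}                        # SMTP, SMTPS, submission
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "ip-api.com"}  # assumed list
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # assumed allow-list for SMTP


def parse_events(text):
    """Parse the constructed pipe-delimited log into dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        image, host, port = line.split("|")
        events.append({"image": image, "host": host.lower(), "port": int(port)})
    return events


def tag_event(ev):
    """Return the set of detection tags that apply to a single event."""
    tags = set()
    exe = ntpath.basename(ev["image"]).lower()
    if ev["host"] in SMTP_IOC_HOSTS:
        tags.add("smtp_ioc_host")              # exact match on the extracted C2 host
    if ev["port"] in SMTP_PORTS and exe not in MAIL_CLIENTS:
        tags.add("smtp_from_non_mail_client")  # generic: stealers rarely are mail clients
    if ev["host"] in IP_LOOKUP_HOSTS:
        tags.add("external_ip_lookup")
    return tags


def detect(text):
    """Aggregate tags per process image; images with no tags are dropped."""
    per_image = defaultdict(set)
    for ev in parse_events(text):
        per_image[ev["image"]] |= tag_event(ev)
    return {img: tags for img, tags in per_image.items() if tags}


def stealer_suspects(text):
    """Images showing both behaviours from the report: IP lookup plus SMTP out."""
    return sorted(
        img for img, tags in detect(text).items()
        if "external_ip_lookup" in tags
        and ("smtp_ioc_host" in tags or "smtp_from_non_mail_client" in tags)
    )


if __name__ == "__main__":
    for img, tags in detect(SAMPLE_LOG).items():
        print(img, sorted(tags))
    print("suspects:", stealer_suspects(SAMPLE_LOG))
```

The per-process aggregation is the point: a lone hit on checkip.dyndns.org or a single port-587 connection is noisy, but the same non-mail-client binary doing both is the behaviour this sample exhibits, and the exact-host IOC match gives a high-confidence tag on top of the generic one.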