General

  • Target: 808dc37ef54a4c95bb66f4773d8a84d9b6f548b00bae26ee514996a7f46d2a04.exe
  • Size: 666KB
  • Sample: 231211-qptkgahbe3
  • MD5: e81d3a6286beea59a2fe264b2b4ee156
  • SHA1: acbff15ea6b56cb04810e826bfb555b5c2b7efae
  • SHA256: 808dc37ef54a4c95bb66f4773d8a84d9b6f548b00bae26ee514996a7f46d2a04
  • SHA512: 5239f0f66a3d2b2855d104ebd2e4f3f30766a7fb04f1fc4c6d93139f43ee3e8befd6fd2043d1bcd5a3860af96f0527fb7e784162fbc32367fcb27da80db27d6b
  • SSDEEP: 12288:1hkZ59iBJMCZyGzhurolUfjc+gcqjma5G9lvxx4ALiKOsFNKwV8RjnHG0VRp+yzl:1K/9i/XZ3zhurUX+dkma5G99xLLiKOK8

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.siscop.com.co
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    +5s48Ia2&-(t

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.siscop.com.co
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    +5s48Ia2&-(t

Targets

    • Target: 808dc37ef54a4c95bb66f4773d8a84d9b6f548b00bae26ee514996a7f46d2a04.exe (hashes as listed under General above)

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers often target it there.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
