General

  • Target

    SRF Industries (Thailand) Ltd.pdf.exe

  • Size

    40KB

  • Sample

    240223-nmmb9sfc9s

  • MD5

    26c95e5acba77d7fd14d109c94f75cca

  • SHA1

    56359d96cd63d66b51eb49acd46d8df25f170c30

  • SHA256

    32272f676a500007b4321f7c076ec3169305615e230dad3d89c63e0cfd24c1c6

  • SHA512

    6b2bd0a6240a13b641d005dc34cd364fd5eb2bb861d49d33bf826766ea0daf4a264f1182905363720b6a8bfad03d97386e965863578e57cf2cf5403d1309363a

  • SSDEEP

    768:1pc7ngE+7L+Phy83dWrz7lwHZjl7GdoUNIBBv5r:1Aj+7100rz7lwHj7QSBvJ

Malware Config

Extracted

Family

agenttesla

Credentials

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.supplyvan.xyz
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Ifeanyi1987@

Targets

    • Target

      SRF Industries (Thailand) Ltd.pdf.exe

    • Size

      40KB

    • MD5

      26c95e5acba77d7fd14d109c94f75cca

    • SHA1

      56359d96cd63d66b51eb49acd46d8df25f170c30

    • SHA256

      32272f676a500007b4321f7c076ec3169305615e230dad3d89c63e0cfd24c1c6

    • SHA512

      6b2bd0a6240a13b641d005dc34cd364fd5eb2bb861d49d33bf826766ea0daf4a264f1182905363720b6a8bfad03d97386e965863578e57cf2cf5403d1309363a

    • SSDEEP

      768:1pc7ngE+7L+Phy83dWrz7lwHZjl7GdoUNIBBv5r:1Aj+7100rz7lwHj7QSBvJ

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Contacts a large (4576) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks