General

  • Target

    ff11cc320a56b5aa8cdfc8ce4bbd78926624ebdac7514446556c28feebed0e15

  • Size

    277KB

  • Sample

    240403-mkg44acf23

  • MD5

    406de95a9dd661c24493b0d207c25a99

  • SHA1

    4798b6987d2cf926b58fd462605449febfc85310

  • SHA256

    ff11cc320a56b5aa8cdfc8ce4bbd78926624ebdac7514446556c28feebed0e15

  • SHA512

    8a43065aefaaa263e5629002d9603cb7c18eb4d8f04845d66272273a90fe5e04ee4ae9c9f7488563f7773727f0d4fb6823d43774f8e3ed0f594f0d1196732a33

  • SSDEEP

    3072:nwpinHOI5TMZeZCw0czsD917AX1ljeYh3aFXAY8hQO8Bf1k/BOQl5MD3AaqHWrwg:Y9wTie/0rb9cQOKO5L036AGuLm

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    terminal6.veeblehosting.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    HdaD#~1W)pw9

Targets

    • Target

      ff11cc320a56b5aa8cdfc8ce4bbd78926624ebdac7514446556c28feebed0e15

    • Size

      277KB

    • MD5

      406de95a9dd661c24493b0d207c25a99

    • SHA1

      4798b6987d2cf926b58fd462605449febfc85310

    • SHA256

      ff11cc320a56b5aa8cdfc8ce4bbd78926624ebdac7514446556c28feebed0e15

    • SHA512

      8a43065aefaaa263e5629002d9603cb7c18eb4d8f04845d66272273a90fe5e04ee4ae9c9f7488563f7773727f0d4fb6823d43774f8e3ed0f594f0d1196732a33

    • SSDEEP

      3072:nwpinHOI5TMZeZCw0czsD917AX1ljeYh3aFXAY8hQO8Bf1k/BOQl5MD3AaqHWrwg:Y9wTie/0rb9cQOKO5L036AGuLm

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v15

Tasks