General

  • Target

    8c979ff2fa6eab53a6e439f0c8d4b4a90d4d430fa1d2717fe58be2a9f08ed90d.exe

  • Size

    234KB

  • Sample

    240403-p6x4jsdd3y

  • MD5

    683d0fd45061453aed291d68ec1e933f

  • SHA1

    3e4e397bf8e5b960dfaa44572ba921a5ff31460c

  • SHA256

    8c979ff2fa6eab53a6e439f0c8d4b4a90d4d430fa1d2717fe58be2a9f08ed90d

  • SHA512

    1f2bfd5c9cc0bfe4ad9149bb2d79235ea080c13cb8bb10fa0b0e44c33026dc09adc5a5946f3d7f19c93d00f088857ae8a9f4fb5fa7b747a40ceebee3d6810750

  • SSDEEP

    3072:09nyuyGCdhHnUb32SBJeK/7SNKTgvgJpr6A5heWFCV:09nyuyGCdhHUb3DBEK/H63WQ

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    nl9.nlkoddos.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Myname321@

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks