General

  • Target

    b3b4923e9a8f67dabd71bf88c98f7c388caed0b93551347e8b431266b91c4258.exe

  • Size

    237KB

  • Sample

    240403-p6zx5sdd4s

  • MD5

    e75aa43d86f53eeeac5fbcf856aefc3d

  • SHA1

    ae9012cfa06cf016303243f31b266288ca5ae999

  • SHA256

    b3b4923e9a8f67dabd71bf88c98f7c388caed0b93551347e8b431266b91c4258

  • SHA512

    e179ef95fac6fcc4f47bbc529cc491b72e34f0912ef8d2713b80aa9c71b1913b6c70f3c885028cb5a10b21e516cd9a0d663399d2dd3b20e0c61a193659e4c257

  • SSDEEP

    3072:wXaJxZhZB7vVujp9izi2YlMEGYS2RHl0KLhn5NYvBgaH4:wexZhZB7vC9yiFMEW2Rl0KF4vBT

Malware Config

Extracted

  • Family:
    agenttesla

Extracted credentials

  • Protocol:
    smtp
  • Host:
    gator3220.hostgator.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    2htWJg8Ru9SP..!TZmaka!@

Targets

    • Target

      b3b4923e9a8f67dabd71bf88c98f7c388caed0b93551347e8b431266b91c4258.exe

    • Size

      237KB

    • MD5

      e75aa43d86f53eeeac5fbcf856aefc3d

    • SHA1

      ae9012cfa06cf016303243f31b266288ca5ae999

    • SHA256

      b3b4923e9a8f67dabd71bf88c98f7c388caed0b93551347e8b431266b91c4258

    • SHA512

      e179ef95fac6fcc4f47bbc529cc491b72e34f0912ef8d2713b80aa9c71b1913b6c70f3c885028cb5a10b21e516cd9a0d663399d2dd3b20e0c61a193659e4c257

    • SSDEEP

      3072:wXaJxZhZB7vVujp9izi2YlMEGYS2RHl0KLhn5NYvBgaH4:wexZhZB7vC9yiFMEW2Rl0KF4vBT

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks