General

  • Target

    1fb88a4ae16628d60484b3d36d213cb546a52f407f3b4d2fc2c846194011f719

  • Size

    234KB

  • Sample

    240408-bhd4wacb4v

  • MD5

    6ca0e4f2cd83a062cff2abd0e2f4a6fa

  • SHA1

    db46bfad524966aeebd9a1e1e3d921c4ade17044

  • SHA256

    1fb88a4ae16628d60484b3d36d213cb546a52f407f3b4d2fc2c846194011f719

  • SHA512

    163bfc356b7aea639d43c2e4ac3b06441170721f464a8c8e6e6e328ce78bb3ccfb6af1ef5a7157e683c8e2deb626dfd0da194f7d6a11939b98f1e2b44fc7b562

  • SSDEEP

    3072:xDZGyuymF5J4/uabbICF4f7skwg6Ck852c12d/:xDZGyuym/J4/uabbICFMsV9A1y

Malware Config

Extracted

Family

agenttesla

Credentials

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.etiprim.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    ETP@habiballah2023

Targets

    • Target

      1fb88a4ae16628d60484b3d36d213cb546a52f407f3b4d2fc2c846194011f719

    • Size

      234KB

    • MD5

      6ca0e4f2cd83a062cff2abd0e2f4a6fa

    • SHA1

      db46bfad524966aeebd9a1e1e3d921c4ade17044

    • SHA256

      1fb88a4ae16628d60484b3d36d213cb546a52f407f3b4d2fc2c846194011f719

    • SHA512

      163bfc356b7aea639d43c2e4ac3b06441170721f464a8c8e6e6e328ce78bb3ccfb6af1ef5a7157e683c8e2deb626dfd0da194f7d6a11939b98f1e2b44fc7b562

    • SSDEEP

      3072:xDZGyuymF5J4/uabbICF4f7skwg6Ck852c12d/:xDZGyuym/J4/uabbICFMsV9A1y

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks