General

  • Target

    f9a65861c138e4f29a25a134cc250c8bdd49757e6dc9ffec6deb557ab0839fe4

  • Size

    797KB

  • Sample

    240427-bvzaksgb53

  • MD5

    a3190726bb65bfb1b862c9b5cfba9622

  • SHA1

    3058a8872a4bdab11e86753eb6c1bf707ed82041

  • SHA256

    f9a65861c138e4f29a25a134cc250c8bdd49757e6dc9ffec6deb557ab0839fe4

  • SHA512

    05cd7b9b5944e0b009c2ae6e15596d27f2b43a5d9757ef66b85e53a18818a0c8bb4c0ee4681a3f503c2e06a76aaef059ca2924f226ac42dfce48faaff14e12a2

  • SSDEEP

    24576:K65eIvUXOPYcLdcdjE+SAHKOCs6/hkp6uH+n:teGUXOPYcLdc55cbLFuen

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    terminal4.veeblehosting.com
  • Port:
    587
  • Username:
    1yam@kailmaticarbon.com
  • Password:
    Ifeanyi1987@
  • Email To:
    1yam@labelconvarters.com

Targets

    • Target

      f9a65861c138e4f29a25a134cc250c8bdd49757e6dc9ffec6deb557ab0839fe4

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, commonly written in Visual Basic .NET. Builds exfiltrate over SMTP, FTP, HTTP or Telegram; the extracted config above shows this sample delivering its stolen data by SMTP to terminal4.veeblehosting.com on port 587, authenticating with the listed username and password.

    • Looks up external IP address via web service

      Queries a legitimate public IP-echo web service to learn the infected system's external IP address, which the stealer includes in its exfiltration report. The request looks like benign traffic on its own, so it is best treated as a weak signal to correlate with the SMTP session rather than an alert by itself.

    • Suspicious use of SetThreadContext

      SetThreadContext is used to redirect the entry point of a suspended thread, a step commonly associated with process hollowing and related process-injection techniques.
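As an added example, not part of the sandbox report or of the sample itself, the following Python hunt applies the indicators from the extracted config above (SMTP host, port, username and Email To, copied verbatim) and the external-IP-lookup behaviour to Zeek-style dns.log and smtp.log rows. The IP-echo domain list, the log lines, the client and server addresses and the column subset are assumptions constructed for the demonstration.

```python
"""Hunt for the AgentTesla behaviour described in this report in Zeek-style logs.

Added example, not part of the sandbox report or the malware: the SMTP
indicators are copied from the extracted config above; the IP-lookup domain
list and all log lines are constructed for the demonstration.
"""
from collections import defaultdict

# Indicators taken verbatim from the extracted config above.
EXFIL_HOST = "terminal4.veeblehosting.com"
EXFIL_PORT = "587"
EXFIL_USER = "1yam@kailmaticarbon.com"     # AgentTesla also uses it as MAIL FROM
EXFIL_TO = "1yam@labelconvarters.com"

# Assumption: the report only says "a legitimate IP lookup service"; these
# are common IP-echo endpoints chosen for the demo, not taken from the sample.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com"}

# Column subsets of Zeek dns.log and smtp.log that the demo relies on.
DNS_FIELDS = ("ts", "uid", "orig_h", "query", "answers")
SMTP_FIELDS = ("ts", "uid", "orig_h", "orig_p", "resp_h", "resp_p",
               "helo", "mailfrom", "rcptto", "subject")

# Constructed log lines (tab-separated, Zeek column order as above).
# 10.0.0.5 mimics the infected host; 10.0.0.9 is benign mail traffic.
DNS_LOG = """\
1714200001.1\tCa1\t10.0.0.5\tapi.ipify.org\t192.0.2.10
1714200003.4\tCa2\t10.0.0.5\tterminal4.veeblehosting.com\t203.0.113.27
1714200050.0\tCa3\t10.0.0.9\tmail.example.com\t198.51.100.10
"""
SMTP_LOG = """\
1714200004.0\tCb1\t10.0.0.5\t49812\t203.0.113.27\t587\tDESKTOP-1\t1yam@kailmaticarbon.com\t1yam@labelconvarters.com\tPW_User_DESKTOP-1
1714200060.0\tCb2\t10.0.0.9\t49900\t198.51.100.10\t587\tLAPTOP-2\talice@example.com\tbob@example.com,carol@example.com\tQuarterly report
"""


def parse_tsv(text, fields):
    """Parse tab-separated rows into dicts; skip comments and malformed rows."""
    rows = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(fields):
            continue  # never mis-align columns on a truncated row
        rows.append(dict(zip(fields, parts)))
    return rows


def hunt(dns_text, smtp_text):
    """Return {client_ip: sorted reasons} for clients matching the report's IOCs."""
    findings = defaultdict(set)
    exfil_ips = set()

    # Pass 1: DNS yields the resolved address of the config's mail host and
    # shows which clients queried an IP-echo service.
    for r in parse_tsv(dns_text, DNS_FIELDS):
        q = r["query"].lower().rstrip(".")
        if q == EXFIL_HOST:
            exfil_ips.update(a for a in r["answers"].split(",") if a)
            findings[r["orig_h"]].add("dns: resolved AgentTesla SMTP host")
        elif q in IP_LOOKUP_HOSTS:
            findings[r["orig_h"]].add("dns: external IP lookup service")

    # Pass 2: SMTP sessions to the resolved address/port, or carrying the
    # account from the config, are the credential exfiltration itself.
    for r in parse_tsv(smtp_text, SMTP_FIELDS):
        src = r["orig_h"]
        if r["resp_h"] in exfil_ips and r["resp_p"] == EXFIL_PORT:
            findings[src].add("smtp: session to config host:port")
        if r["mailfrom"].lower() == EXFIL_USER:
            findings[src].add("smtp: MAIL FROM is config username")
        if EXFIL_TO in {x.strip().lower() for x in r["rcptto"].split(",")}:
            findings[src].add("smtp: RCPT TO is config Email To")

    return {host: sorted(reasons) for host, reasons in findings.items()}


if __name__ == "__main__":
    for host, reasons in hunt(DNS_LOG, SMTP_LOG).items():
        print(host)
        for why in reasons:
            print("  -", why)
```

The DNS pass is what turns the config hostname into an address that can be matched against smtp.log's id.resp_h; the MAIL FROM and RCPT TO checks still fire when the client resolved the host through a resolver the DNS log does not see. Treat the IP-lookup hit as corroboration only: on its own it matches plenty of legitimate software.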
