General

  • Target

    f3d8f1a28bc27419a3f91c2bb772e94e5221e598d1e0acba09e814354fa46ed6.exe

  • Size

    713KB

  • Sample

    240518-k9vqdadc4w

  • MD5

    b5a3d9c1584e82409a3651f03127983c

  • SHA1

    84ab921d6ba17f28679330b2863f90331cc2c70e

  • SHA256

    f3d8f1a28bc27419a3f91c2bb772e94e5221e598d1e0acba09e814354fa46ed6

  • SHA512

    ed0a64ac59212e2008cc468c3929c57740b62716569ef8a8fa77d9899449c0f518d18982fac770d6635bfa71be0808c1a5940ff9921e2a89c5052ebaa6527f0a

  • SSDEEP

    12288:0fdrLbDZaNRplJc6lDTD6V2pv25r2/i2bV576dIpcZ9yrCFqBqi/1aM5jtkR:mLDZMRpncGDTGVl5rmNx57m9FqBqi/1S

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.alitextile.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Myname321@

Targets

    • Target

      f3d8f1a28bc27419a3f91c2bb772e94e5221e598d1e0acba09e814354fa46ed6.exe

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer. It harvests credentials from browsers, email and FTP clients and exfiltrates them over SMTP, FTP or HTTP; the SMTP account extracted above is this sample's exfiltration channel.

    • Reads user/profile data of local email clients

      Email clients store account settings and saved credentials on disk, where infostealers frequently target them.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Looks up external IP address via web service

      Queries a legitimate IP lookup service to learn the infected system's external IP address, typically to tag exfiltrated data with the victim's network location.

    • Suspicious use of SetThreadContext

      Setting another thread's context is a common step in process hollowing and related injection techniques, where the entry point of a suspended process is redirected to injected code.

MITRE ATT&CK Enterprise v15

Tasks