General

  • Target

    ccd022fa7f9a0ee0928a7736faed2f9d9123234d209c7fdf9b436776669c4644.exe

  • Size

    244KB

  • Sample

    240518-la4pnsdc34

  • MD5

    1022eee3d28a81920664b590983aafaa

  • SHA1

    002c1889f8e8ebbf781e3a1edb0985068b2a5b96

  • SHA256

    ccd022fa7f9a0ee0928a7736faed2f9d9123234d209c7fdf9b436776669c4644

  • SHA512

    b2bc0d955f356596f939c0457c367fa79b192237e6a27591e02cf315076afab1908ed3093dda53bd2bcb7dfe20604779b72255e97c52c4c8487c8a50c40d6d4b

  • SSDEEP

    3072:DsUqShjy6yaCYHb+lDzVuXn9Phn755rh4xsnD:DsUqcy6yaCY7+lDzV4PhnTh4e

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6937426667:AAH5h4aXvUjmlMFV8im9A9lKn7JS7MyNHLA/

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

MITRE ATT&CK Enterprise v15

Tasks