General

  • Target

    c14a676f9c3d9ac92006435ffe0af47756c61e3813235d029bc9b7a6663459ed

  • Size

    795KB

  • Sample

    240519-bgyf5aad49

  • MD5

    d57ca878c1c2b72d0c093d348df80ef2

  • SHA1

    9a9af81e5fa544012861fe01027abf1dee9415cd

  • SHA256

    c14a676f9c3d9ac92006435ffe0af47756c61e3813235d029bc9b7a6663459ed

  • SHA512

    a78acc61d6fc2c6f72ce1517e2de80ad693b9a78a378332a0d792dbb3f2015e8ce89a4e2b26c8ce376f4a593a1283ff2d00459d977e995e6b53ff436ce0b06b9

  • SSDEEP

    24576:mQnyfr/D5BrPNYIG/V8JNOMLxnO8PDiYMFniyy:Jn+P5BrPNYH8JNpLA+FMFny

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.ipr-co.org
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    IPRco@100102@
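The extracted SMTP account is what the sample uses to mail out harvested data; treat it as a network indicator and a compromised-mailbox notification for the domain owner, not as something to log into. The following is an added example, not part of the sandbox report: it hashes files against the indicators listed above and runs a small detection over network-connection records. The hash values and the host/port are copied from the report; the log records are constructed here in a Sysmon Event ID 3 style and are not real telemetry, and the MAIL_CLIENTS allow-list is an assumption to tune per environment.

```python
"""Sweep files and network records for the indicators in this report.

Added example, not part of the sandbox report. Hash values and the SMTP
host/port are copied from the report; the log records are constructed to
resemble Sysmon Event ID 3 (network connection) fields.
"""
import hashlib
import io
import re

# File indicators, verbatim from the report.
SAMPLE_HASHES = {
    "md5": "d57ca878c1c2b72d0c093d348df80ef2",
    "sha1": "9a9af81e5fa544012861fe01027abf1dee9415cd",
    "sha256": "c14a676f9c3d9ac92006435ffe0af47756c61e3813235d029bc9b7a6663459ed",
    "sha512": "a78acc61d6fc2c6f72ce1517e2de80ad693b9a78a378332a0d792dbb3f2015e8"
              "ce89a4e2b26c8ce376f4a593a1283ff2d00459d977e995e6b53ff436ce0b06b9",
}
# Exfiltration endpoint from the extracted Agent Tesla config.
EXFIL_HOST = "mail.ipr-co.org"
EXFIL_PORT = 587
# Processes allowed to use SMTP submission on 587 (assumed allow-list; tune per estate).
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def hash_stream(fobj, chunk_size=1 << 20):
    """Return (size, {algo: hexdigest}), reading the stream once in chunks."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    size = 0
    while chunk := fobj.read(chunk_size):
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    return size, {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Convenience wrapper for in-memory data (e.g. a buffer pulled from a host)."""
    return hash_stream(io.BytesIO(data))


def match_bytes(data, indicators=SAMPLE_HASHES):
    """Names of the indicator hashes the data matches; empty list means no match."""
    _, digests = hash_bytes(data)
    return sorted(name for name, digest in digests.items() if indicators.get(name) == digest)


def parse_record(line):
    """Parse Key=Value / Key="quoted value" pairs into a dict."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def find_exfil_connections(lines):
    """Flag connections to the extracted SMTP host, and 587/tcp from non-mail processes."""
    hits = []
    for line in lines:
        rec = parse_record(line)
        if not rec:
            continue
        image = rec.get("Image", "").rsplit("\\", 1)[-1].lower()
        host = rec.get("DestinationHostname", "").lower()
        port = int(rec.get("DestinationPort") or 0)
        if host == EXFIL_HOST:
            hits.append((rec.get("UtcTime"), image, "exfil host from Agent Tesla config"))
        elif port == EXFIL_PORT and image not in MAIL_CLIENTS:
            hits.append((rec.get("UtcTime"), image, "SMTP submission from non-mail process"))
    return hits


# Constructed Sysmon EID 3 style records (not real telemetry).
SAMPLE_LOG = r'''
UtcTime=2024-05-19T08:02:11Z Image="C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE" DestinationHostname=smtp.office365.com DestinationPort=587
UtcTime=2024-05-19T08:05:42Z Image="C:\Users\jdoe\AppData\Roaming\svc.exe" DestinationHostname=mail.ipr-co.org DestinationPort=587
UtcTime=2024-05-19T08:06:03Z Image="C:\Windows\System32\svchost.exe" DestinationHostname=ctldl.windowsupdate.com DestinationPort=80
UtcTime=2024-05-19T08:07:19Z Image="C:\Users\jdoe\AppData\Local\Temp\tmp1A2B.exe" DestinationHostname=mail.example.net DestinationPort=587
'''.strip().splitlines()

if __name__ == "__main__":
    print("clean buffer matches:", match_bytes(b"not the sample"))
    for when, image, why in find_exfil_connections(SAMPLE_LOG):
        print(f"{when} {image}: {why}")
```

The host match is the high-confidence rule; the port-587 rule from a non-mail process is the broader one that keeps catching the family after the operator rotates the mailbox, so it is worth keeping even when it needs a local allow-list.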

Targets

    • Target

      c14a676f9c3d9ac92006435ffe0af47756c61e3813235d029bc9b7a6663459ed

    • Size

      795KB

    • MD5

      d57ca878c1c2b72d0c093d348df80ef2

    • SHA1

      9a9af81e5fa544012861fe01027abf1dee9415cd

    • SHA256

      c14a676f9c3d9ac92006435ffe0af47756c61e3813235d029bc9b7a6663459ed

    • SHA512

      a78acc61d6fc2c6f72ce1517e2de80ad693b9a78a378332a0d792dbb3f2015e8ce89a4e2b26c8ce376f4a593a1283ff2d00459d977e995e6b53ff436ce0b06b9

    • SSDEEP

      24576:mQnyfr/D5BrPNYIG/V8JNOMLxnO8PDiYMFniyy:Jn+P5BrPNYH8JNpLA+FMFny

    • AgentTesla

      Agent Tesla is a .NET-based information stealer and remote access tool (RAT). It harvests saved credentials from browsers, email clients and FTP/SCP clients and sends them to the operator, in this sample over SMTP using the account in the extracted configuration above.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a thread in another process. Together with creating a process suspended and writing into its memory, it is the classic process-hollowing sequence used to run the payload inside a legitimate-looking host process.
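The signatures above are behavioural: each fires on a specific registry key, file path or API sequence. The following is an added example, not the sandbox's own signature engine, showing how a small scorer can reproduce them over an API trace. The trace format (one "<pid> <api> key=value ..." record per line) and the records themselves are constructed for illustration; the matched locations are the well-known credential stores the "Reads ..." signatures refer to (WinSCP sessions in the registry, FileZilla XML files, Thunderbird and Outlook profile data, Chromium "Login Data"); the four-call hollowing chain is the generic pattern in which SetThreadContext is the tell, which is an assumption on my part since the report only says "Suspicious use of SetThreadContext".

```python
"""Score a sandbox API trace against the behaviours listed in this report.

Added example, not the sandbox's own signature engine. The trace format and
the records below are constructed. Credential-store locations are the
well-known ones behind the "Reads ..." signatures; the hollowing chain is the
generic create-suspended / write / SetThreadContext / resume pattern.
"""
import re
from collections import defaultdict

# Credential stores behind the "Reads ..." signatures; matched case-insensitively
# against the lower-cased registry key or file path of each call.
CREDENTIAL_STORES = {
    "WinSCP sessions": [r"\\martin prikryl\\winscp 2\\sessions"],
    "FTP client data": [r"\\filezilla\\(recentservers|sitemanager)\.xml"],
    "email client data": [r"\\thunderbird\\profiles\\", r"\\office\\[\d.]+\\outlook\\profiles"],
    "browser data": [r"\\user data\\default\\login data", r"\\firefox\\profiles\\.*\\logins\.json"],
}
# Process hollowing: create suspended, write payload, redirect the thread, resume.
HOLLOWING_STEPS = {"CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread"}
CREATE_SUSPENDED = 0x4

RECORD = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\s*(?P<args>.*)$")
ARG = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_trace(lines):
    """Return [(caller_pid, api, {arg: value})] for each well-formed record."""
    records = []
    for line in lines:
        m = RECORD.match(line.strip())
        if not m:
            continue
        args = {k: quoted or bare for k, quoted, bare in ARG.findall(m.group("args"))}
        records.append((int(m.group("pid")), m.group("api"), args))
    return records


def credential_access(records):
    """Map each matched signature name to the set of paths/keys that triggered it."""
    found = {}
    for _pid, _api, args in records:
        target = (args.get("path") or args.get("key") or "").lower()
        for name, patterns in CREDENTIAL_STORES.items():
            if any(re.search(p, target) for p in patterns):
                found.setdefault(name, set()).add(target)
    return found


def hollowing_chains(records):
    """(parent, child) pairs where the child received the complete hollowing chain."""
    steps = defaultdict(set)  # (parent, child) -> hollowing steps observed
    for pid, api, args in records:
        if api == "CreateProcess" and int(args.get("flags", "0"), 0) & CREATE_SUSPENDED:
            steps[(pid, int(args["child"]))].add(api)
        elif api in HOLLOWING_STEPS and "target" in args:
            steps[(pid, int(args["target"]))].add(api)
    return sorted(pair for pair, seen in steps.items() if seen >= HOLLOWING_STEPS)


# Constructed trace of a dropper process (PID 1234); not real sandbox output.
SAMPLE_TRACE = r'''
1234 RegOpenKey key="HKCU\Software\Martin Prikryl\WinSCP 2\Sessions"
1234 CreateFile path="C:\Users\jdoe\AppData\Roaming\FileZilla\recentservers.xml"
1234 CreateFile path="C:\Users\jdoe\AppData\Roaming\Thunderbird\Profiles\ab12cd.default\logins.json"
1234 CreateFile path="C:\Users\jdoe\AppData\Local\Google\Chrome\User Data\Default\Login Data"
1234 CreateFile path="C:\Users\jdoe\Documents\notes.txt"
1234 CreateProcess child=5678 flags=0x4 image="C:\Users\jdoe\AppData\Roaming\svc.exe"
1234 WriteProcessMemory target=5678 size=0x1a000
1234 SetThreadContext target=5678
1234 ResumeThread target=5678
1234 CreateProcess child=9001 flags=0x0 image="C:\Windows\System32\cmd.exe"
1234 SetThreadContext target=9001
'''.strip().splitlines()

if __name__ == "__main__":
    records = parse_trace(SAMPLE_TRACE)
    for name, targets in credential_access(records).items():
        print(f"{name}: {sorted(targets)}")
    print("hollowing chains (parent, child):", hollowing_chains(records))
```

The second CreateProcess in the constructed trace is deliberately not suspended and gets only a SetThreadContext, so it is not reported as a full chain; a sandbox signature such as the one above would still fire on the lone SetThreadContext, which is why it is labelled "suspicious" rather than "process hollowing".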

MITRE ATT&CK Enterprise v15

Tasks