General

  • Target

    27d5530528a8434a7fc2eda7c8e1ac9f5803aa498098a75017a60fafcb85477a

  • Size

    731KB

  • Sample

    240519-bmwjqaag72

  • MD5

    2468f3ff525f5d01eb020089ebb2b13a

  • SHA1

    e073cddfa234d86d7c931f41384323affb39c757

  • SHA256

    27d5530528a8434a7fc2eda7c8e1ac9f5803aa498098a75017a60fafcb85477a

  • SHA512

    4d5973184a6c9880e44413fa5a6cc1d0f77499f4b55c667b23e892bdbd39a980d6561a41533b27728f188ebf5e61ecde8c7a57fb2470e439c307522c24eabde6

  • SSDEEP

    12288:+KAHuplPhAfmT3GnrCHAMw1UNUz6SuSwWcYLlALNkIzvy2S8tIKJp9/SHVkR:NpH+m7Gr87rLDSwWdLONDvtIKJpwHo

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: smtp
  • Host: mail.insleep.com.tr
  • Port: 587
  • Username: [email protected]
  • Password: xj%YXHGz&2Np

Targets

    • Target

      27d5530528a8434a7fc2eda7c8e1ac9f5803aa498098a75017a60fafcb85477a


    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext
