General

  • Target

    bb3bc7994d092c3f510327cf6e11506fe17c0d6fae9ae220de12f5928a2c185e_payload.exe

  • Size

    233KB

  • Sample

    240519-ck5kaada8s

  • MD5

    5685c9e77543164f93d8b427460635e9

  • SHA1

    09a58f47a6edbf76083803d87366bb7e8f9f07c6

  • SHA256

    4979935b585e0fbafc28b997b2ba22bc52ae9ff4b9e1dfaf2a0ed93f7603ae5d

  • SHA512

    f3c09abc8b9e4dedd98fa2c935edfea74f72a701613394bdea1e0bee2ae20b0e879ffc1a536a37ba0450a297fc92b37ac3a9bc4f769eb3a7492dd285c836e8b4

  • SSDEEP

    3072:EbYCeMoUAMw0HXSI5rRWZmImxHGly5ugDD15:bCeMoUAMw0HXSIHWZmI2HGlCDx

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://eu-west-1.sftpcloud.io
  • Port:
    21
  • Username:
    dc2d3038d5c743319b4d84cc320c4fad
  • Password:
    xmFBI1ctaq8b1qv5SWZ3AOzpG1Yb6y2K

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    eu-west-1.sftpcloud.io
  • Port:
    21
  • Username:
    dc2d3038d5c743319b4d84cc320c4fad
  • Password:
    xmFBI1ctaq8b1qv5SWZ3AOzpG1Yb6y2K

Targets

    • Target

      bb3bc7994d092c3f510327cf6e11506fe17c0d6fae9ae220de12f5928a2c185e_payload.exe

    • Size

      233KB

    • MD5

      5685c9e77543164f93d8b427460635e9

    • SHA1

      09a58f47a6edbf76083803d87366bb7e8f9f07c6

    • SHA256

      4979935b585e0fbafc28b997b2ba22bc52ae9ff4b9e1dfaf2a0ed93f7603ae5d

    • SHA512

      f3c09abc8b9e4dedd98fa2c935edfea74f72a701613394bdea1e0bee2ae20b0e879ffc1a536a37ba0450a297fc92b37ac3a9bc4f769eb3a7492dd285c836e8b4

    • SSDEEP

      3072:EbYCeMoUAMw0HXSI5rRWZmImxHGly5ugDD15:bCeMoUAMw0HXSIHWZmI2HGlCDx

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks