General

  • Target

    b41d04697130c4f5a778445a2749159e2b916a977e58e51c661f24ff9daf9a8d

  • Size

    80KB

  • Sample

    240521-b53ezseb73

  • MD5

    fe81cc3260673cd3e503ef584176c92e

  • SHA1

    f4f53164c7da1534646406978ceda34385f3c485

  • SHA256

    b41d04697130c4f5a778445a2749159e2b916a977e58e51c661f24ff9daf9a8d

  • SHA512

    fb5ad723a85cc1b08ebc4be1acf3e59b2c9a55073e91436a1348e9dfde62b5ddf333f69ec2336c7bcf7b7dbdd0ce7a8e4c3fa6d09aaf1ae8ae19d0d04efb19ff

  • SSDEEP

    1536:/IGmXm4zGHvQ6a952dI1BMWjM3CEF/7GmqbMY7usiY9hkp:/MrzLtPPSD7GmCMY7pdkp

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.antoniomayol.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    cMhKDQUk1{;%

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.antoniomayol.com:21
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    cMhKDQUk1{;%

Targets

    • Target

      b41d04697130c4f5a778445a2749159e2b916a977e58e51c661f24ff9daf9a8d

    • Size

      80KB

    • MD5

      fe81cc3260673cd3e503ef584176c92e

    • SHA1

      f4f53164c7da1534646406978ceda34385f3c485

    • SHA256

      b41d04697130c4f5a778445a2749159e2b916a977e58e51c661f24ff9daf9a8d

    • SHA512

      fb5ad723a85cc1b08ebc4be1acf3e59b2c9a55073e91436a1348e9dfde62b5ddf333f69ec2336c7bcf7b7dbdd0ce7a8e4c3fa6d09aaf1ae8ae19d0d04efb19ff

    • SSDEEP

      1536:/IGmXm4zGHvQ6a952dI1BMWjM3CEF/7GmqbMY7usiY9hkp:/MrzLtPPSD7GmCMY7pdkp

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic. The FTP credentials extracted above are the account it uses to upload harvested data; treat them as attacker-controlled infrastructure, not as a login to use.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP. The destination itself is benign, so the signal is the requesting process (here the sample) rather than the service; correlate the request with the image path instead of blocking the service outright.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state. Outside debuggers it is mostly seen when a loader points the main thread of a suspended child process at injected code (process hollowing / RunPE-style injection). The signature records the API call, not the injected payload, so check the process tree for the target of the injection.
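As an added example that is not part of the sandbox report: a Python script that normalizes the two extracted config blocks above (one lists the host bare, the other as an ftp:// URL carrying the port) into a single indicator set, then sweeps constructed Sysmon Event ID 3 style network events for FTP connections to that host and for requests to public IP-lookup services, covering both the extracted credentials and the "Looks up external IP address" signature. The IP-lookup hostnames, the pipe-separated event format and the sample events are assumptions; the report names neither the lookup service nor the sample's process path.

```python
"""Added example: turn the extracted AgentTesla FTP config into indicators and
sweep network events for exfil and external-IP-lookup activity.
Not the sandbox's own code; event format and lookup hosts are assumptions."""
import re
from urllib.parse import urlparse

# The two "Extracted" credential blocks from the report. The host field is
# once a bare hostname and once a full ftp:// URL carrying the port.
EXTRACTED_CONFIGS = [
    {"protocol": "ftp", "host": "ftp.antoniomayol.com", "port": "21"},
    {"protocol": "ftp", "host": "ftp://ftp.antoniomayol.com:21", "port": "21"},
]

# Assumption: the report only says "a legitimate IP lookup service"; these are
# public services commonly seen in stealer telemetry, not taken from the page.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ipinfo.io"}


def normalize_c2(cfg):
    """Return (host, port) whether the host field is bare, host:port or a URL."""
    raw = cfg["host"].strip()
    if "://" in raw:
        parsed = urlparse(raw)
        host = parsed.hostname or ""
        port = parsed.port or int(cfg.get("port") or 21)
    else:
        host, _, explicit_port = raw.partition(":")
        port = int(explicit_port or cfg.get("port") or 21)
    return host.lower(), port


def indicators(configs):
    """Deduplicated (host, port) set; both report blocks collapse to one entry."""
    return {normalize_c2(c) for c in configs}


# Constructed Sysmon Event ID 3 (network connection) style lines, '|'-separated.
# Made up for the example; the process path is not from the report.
SAMPLE_EVENTS = """\
EventID=3|Image=C:\\Users\\victim\\AppData\\Roaming\\abc.exe|DestinationHostname=checkip.dyndns.org|DestinationPort=80
EventID=3|Image=C:\\Users\\victim\\AppData\\Roaming\\abc.exe|DestinationHostname=ftp.antoniomayol.com|DestinationPort=21
EventID=3|Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe|DestinationHostname=www.example.com|DestinationPort=443
EventID=3|Image=C:\\Users\\victim\\AppData\\Roaming\\abc.exe|DestinationHostname=FTP.ANTONIOMAYOL.COM|DestinationPort=21
"""

FIELD_RE = re.compile(r"(\w+)=([^|]*)")


def parse_event(line):
    """Parse one 'key=value|key=value' line into a dict."""
    return dict(FIELD_RE.findall(line))


def classify(event, c2):
    """Label a single event, or return None if it matches nothing."""
    host = event.get("DestinationHostname", "").lower()
    port = int(event.get("DestinationPort", 0) or 0)
    if (host, port) in c2:
        return "agenttesla_ftp_exfil"
    if host in IP_LOOKUP_HOSTS:
        return "external_ip_lookup"
    return None


def sweep(log_text, configs):
    """Return (label, image, host, port) for every event that matches."""
    c2 = indicators(configs)
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev.get("EventID") != "3":
            continue
        label = classify(ev, c2)
        if label:
            hits.append((label, ev["Image"], ev["DestinationHostname"],
                         int(ev["DestinationPort"])))
    return hits


if __name__ == "__main__":
    for hit in sweep(SAMPLE_EVENTS, EXTRACTED_CONFIGS):
        print(*hit)
```

The hostname comparison is case-folded because DNS names in telemetry arrive in whatever case the client sent. In a real deployment the same indicator set would be applied to Sysmon Event ID 3 and 22 (DNS query) records or to Zeek conn/ftp logs, and an IP-lookup hit is only worth raising when the requesting image is not a browser or another process expected to make that request.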

MITRE ATT&CK Matrix

Tasks