General

  • Target

    92ff947058fa4ce4d1ee055578b409e96ac039175a0089942078009dc4880d6d

  • Size

    782KB

  • Sample

    240521-bz42madh95

  • MD5

    731dc01c999ccaaea3daf9f70dca56c6

  • SHA1

    17861a9dfc84cb7b25b01aa35a38e50a5246ada4

  • SHA256

    92ff947058fa4ce4d1ee055578b409e96ac039175a0089942078009dc4880d6d

  • SHA512

    158f3173717e546e8aa61fbef3b4a8f87e0d87dba7e75e5388c0f2561866cf551116fa3d788f23cda1a412440cbdac18db4121703d332d9bb8a4fbe326a5fe6f

  • SSDEEP

    24576:Ey3yRqbqNgIZmtxXT8e+JHa43Tg3FGhEmGE:E0yECgIctwM3rM

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.skitz.com.ng
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Kosyano1@

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.skitz.com.ng
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    Kosyano1@

Targets

    • Target

      April Accounting Ledger.exe

    • Size

      1.0MB

    • MD5

      9b8544c46d581622f7d13513c90960d7

    • SHA1

      ab8f26ade5e500fa6b0ad95cf526ef0d163bee04

    • SHA256

      f872e441743cc9c85aa611b5060dd2d5b392adf20eae28ff57716a4a64dc96b5

    • SHA512

      752b3de1874cac45dd3317fba21260638af77ae0d0d655a787178a798c8ffdaf221ea24963de213912ea6b102d782dc050fdbf54923d190bd5b9e8d1ec6e485d

    • SSDEEP

      24576:MzsxWtb3BEvGdb3AQfGZ3TI53jWVeCMSpSpmax:M5ZBEed1Y3kqVeCMeTax

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks