General

  • Target

    3265291a959f56551dc3b51b26d75b088a25d26c86a91bfe9e7581b5677024e7

  • Size

    705KB

  • Sample

    240523-bsehdsgd6z

  • MD5

    8d599a2ceba45b59bd4918c6699b94ee

  • SHA1

    a5943b4d3c04200cf27216cb7b985db537b9e6c0

  • SHA256

    3265291a959f56551dc3b51b26d75b088a25d26c86a91bfe9e7581b5677024e7

  • SHA512

    55ba1dd1e372cb58bd64e162f634350bab40f8f737c00f26a92faf0b6b1f693f0f0f93474f759bebd572b05acc1ee1f5a6f23c8328b7cee8d741612c472d41fb

  • SSDEEP

    12288:ux1bAPIvJc0gPU0OjtdkL54aQj+kSci8JArPoPv2RnOFdYMjhvPie/rByY77777z:ux1AsJcm02dkCTj+k7vJAMPv2FOFdYMH

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.elquijotebanquetes.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    -GN,s*KH{VEhPmo)+f

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.elquijotebanquetes.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    -GN,s*KH{VEhPmo)+f

Targets

    • Target

      3265291a959f56551dc3b51b26d75b088a25d26c86a91bfe9e7581b5677024e7

    • Size

      705KB

    • MD5

      8d599a2ceba45b59bd4918c6699b94ee

    • SHA1

      a5943b4d3c04200cf27216cb7b985db537b9e6c0

    • SHA256

      3265291a959f56551dc3b51b26d75b088a25d26c86a91bfe9e7581b5677024e7

    • SHA512

      55ba1dd1e372cb58bd64e162f634350bab40f8f737c00f26a92faf0b6b1f693f0f0f93474f759bebd572b05acc1ee1f5a6f23c8328b7cee8d741612c472d41fb

    • SSDEEP

      12288:ux1bAPIvJc0gPU0OjtdkL54aQj+kSci8JArPoPv2RnOFdYMjhvPie/rByY77777z:ux1AsJcm02dkCTj+k7vJAMPv2FOFdYMH

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks