General

  • Target

    f021c8313337e8ead2b4e82601364345b15191c998e8fca9b561bed84658ec57

  • Size

    1.2MB

  • Sample

    240523-c46lpaah6x

  • MD5

    9aa81bc3c40cbbf486043aa4cce85c00

  • SHA1

    104d2689ed8c6b8a11457ee5d9057a971d6da4b7

  • SHA256

    f021c8313337e8ead2b4e82601364345b15191c998e8fca9b561bed84658ec57

  • SHA512

    aadaee093f386397d4ab52336109bf731783443b6cd67ebc0c4f23b2cf4bf566637a7dbb65ddf4e7d6af9e71b17a449001210412eae76a3e24d60d7189b7e3ab

  • SSDEEP

    24576:tSu1S82mBVrIiudqyQm35h9OZKLueX/AtuN7C:tSuU82mTVqQmL9F

Malware Config

Extracted

Family

agenttesla

Credentials

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.worlorderbillions.top
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    =;=yKWThEGx-

Targets

    • Target

      f021c8313337e8ead2b4e82601364345b15191c998e8fca9b561bed84658ec57

    • Size

      1.2MB

    • MD5

      9aa81bc3c40cbbf486043aa4cce85c00

    • SHA1

      104d2689ed8c6b8a11457ee5d9057a971d6da4b7

    • SHA256

      f021c8313337e8ead2b4e82601364345b15191c998e8fca9b561bed84658ec57

    • SHA512

      aadaee093f386397d4ab52336109bf731783443b6cd67ebc0c4f23b2cf4bf566637a7dbb65ddf4e7d6af9e71b17a449001210412eae76a3e24d60d7189b7e3ab

    • SSDEEP

      24576:tSu1S82mBVrIiudqyQm35h9OZKLueX/AtuN7C:tSuU82mTVqQmL9F

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks