General

  • Target

    PO_27052024.exe

  • Size

    660KB

  • Sample

    240527-hsmx4acf77

  • MD5

    4199d8995c4b86f6053c43cb70a87aa9

  • SHA1

    ae7d740bc01ae87d643f98264efa3b995365a66f

  • SHA256

    74a7dd343c4fac52d9d695d8d189a1bf3d5e5578622099bdf731544df385b75d

  • SHA512

    e78a6a99ae8157f295a8c0cac9a0d72da5de4f4aa9e2fbaa131996e76eeb2906593d0e2bb6e82b8b733fd080cad5af1da5cea9b60be372942ac13122d6f5bbce

  • SSDEEP

    12288:iuxrYCFd6xhOIHq2tGUoa/Vyljum2dQbimFl8+IjkpqyhscnFQXkR:181xh7HqmGUosV2qQbim34EhRFQC

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.alitextile.com
  • Port:
    587
  • Username:
    9@alitextile.com
  • Password:
    Myname321@
  • Email To:
    ssgg@alitextile.com

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Credential Access

  • Unsecured Credentials (T1552): 2
  • Credentials In Files (T1552.001): 2

Collection

  • Data from Local System (T1005): 2

Tasks