General

  • Target

    img_RFQ CHEM_REF - Aanbesteding - PROJECT 90016288247_pdf.exe

  • Size

    3.1MB

  • Sample

    240603-ltyb1abg77

  • MD5

    3ad4e0b624ab5e54bb4c9d65aa30ec7e

  • SHA1

    2fa62613a8d66c85b29c29e89482b90c91d96f58

  • SHA256

    ffdec1b87d247393a922973571b8bfa88219a418230abb916105b170e814950a

  • SHA512

    8ba7cea4f4e7b131bb84005e6bf3d00793d1b2e1ce5f308ac0b7150a37b479e6395099bad575a51e55bc471bc768de4e4d21f2239c244746c0562ec1f294a335

  • SSDEEP

    49152:g8yJAk206NICMq5pzKRgqVzK+BgFN/GIm0w0env:XBsuZenv
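The hashes above are the indicators a responder would sweep for. The following script is an added example, not part of the sandbox report: it hashes every file under a directory once (all four algorithms in a single read), compares the digests with the published values, and additionally flags double-extension lure names like the sample's `..._pdf.exe`. The hash values are copied from the report; the lure-name pattern, the function names and the constructed files in `demo()` are assumptions made for the example.

```python
"""Match files on disk against the hashes published in this report.

Added example, not part of the sandbox report. The hash values are copied
from the report above; the filename pattern used to spot double-extension
lures (such as '..._pdf.exe') is an assumption chosen for the example.
"""
import hashlib
import os
import re
from typing import Dict, Iterable, List, Tuple

# IOCs copied from the report (hex digests, compared case-insensitively).
SAMPLE_IOCS: Dict[str, str] = {
    "md5": "3ad4e0b624ab5e54bb4c9d65aa30ec7e",
    "sha1": "2fa62613a8d66c85b29c29e89482b90c91d96f58",
    "sha256": "ffdec1b87d247393a922973571b8bfa88219a418230abb916105b170e814950a",
    "sha512": "8ba7cea4f4e7b131bb84005e6bf3d00793d1b2e1ce5f308ac0b7150a37b479e6"
              "395099bad575a51e55bc471bc768de4e4d21f2239c244746c0562ec1f294a335",
}

# Assumption: a document-looking stem followed by an executable extension.
LURE_PATTERN = re.compile(r"[._-](?:pdf|docx?|xlsx?|jpe?g|png)\.(?:exe|scr|com)$")


def looks_like_double_extension_lure(filename: str) -> bool:
    """True for names such as 'invoice_pdf.exe' that masquerade as documents."""
    return LURE_PATTERN.search(filename.lower()) is not None


def hash_file(path: str, algorithms: Iterable[str], chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute several digests in one pass so large files are read only once."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: Dict[str, str], iocs: Dict[str, str]) -> List[str]:
    """Return the algorithms whose digest equals the published IOC."""
    return [alg for alg, value in iocs.items()
            if alg in digests and digests[alg].lower() == value.lower()]


def scan_tree(root: str, iocs: Dict[str, str] = SAMPLE_IOCS) -> List[Tuple[str, List[str]]]:
    """Walk a directory; report (path, reasons) for every hash hit or lure-looking name."""
    hits: List[Tuple[str, List[str]]] = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                reasons = match_iocs(hash_file(path, iocs.keys()), iocs)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if looks_like_double_extension_lure(name):
                reasons.append("lure-name")
            if reasons:
                hits.append((path, reasons))
    return hits


def demo() -> List[Tuple[str, List[str]]]:
    """Self-contained run on constructed files (the real sample is not needed)."""
    import tempfile
    stand_in = b"MZ constructed stand-in, not the real sample\n"
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "invoice_pdf.exe"), "wb") as fh:
            fh.write(stand_in)
        with open(os.path.join(tmp, "notes.txt"), "wb") as fh:
            fh.write(b"nothing to see here\n")
        # Register the stand-in by its own SHA-256 so the match is demonstrable offline.
        iocs = {"sha256": hashlib.sha256(stand_in).hexdigest()}
        return [(os.path.basename(p), reasons) for p, reasons in scan_tree(tmp, iocs)]


if __name__ == "__main__":
    print(demo())
```

Run it against a download directory or mail-gateway quarantine with `scan_tree("/path")`. A lure-name hit without a hash hit is worth a look too: repacked builds of the same campaign change every digest but usually keep the filename convention.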

Malware Config

  • Family

    agenttesla

Extracted Credentials

  • Protocol:
    smtp
  • Host:
    mail.privateemail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    BTwcMq@2

Targets

    • Target

      img_RFQ CHEM_REF - Aanbesteding - PROJECT 90016288247_pdf.exe

    • AgentTesla

      Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic .NET. The configuration extracted from this sample exfiltrates harvested credentials over SMTP to the mailbox listed above.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is the final step of process hollowing: the loader starts a legitimate process suspended, replaces its image with the payload, and redirects the main thread's instruction pointer to the injected code before resuming it.
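The extracted SMTP configuration and the external-IP lookup behaviour are both visible on the network, which makes them the cheapest things to alert on. The script below is an added example, not part of the sandbox report: it evaluates constructed Sysmon Event ID 3 (network connection) records against three rules, in priority order. The host and port come from the extracted configuration; the list of processes allowed to speak SMTP, the set of public IP-lookup services, the rule names and the event records themselves are assumptions made for the example.

```python
"""Flag the network behaviour this report attributes to the sample.

Added example, not part of the sandbox report. The SMTP host and port are
taken from the extracted configuration above. Everything else is an
assumption made for the example: the processes allowed to speak SMTP, the
set of public IP-lookup services, and the event records, which are
constructed to resemble Sysmon Event ID 3 data exported as JSON lines.
"""
import json
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

EXFIL_HOST = "mail.privateemail.com"  # from the extracted config
EXFIL_PORT = 587                      # from the extracted config
SMTP_PORTS = {25, 465, 587}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}           # assumption
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org",    # assumption
                   "icanhazip.com", "ifconfig.me", "ip-api.com"}

# Constructed events (not real telemetry; 198.51.100.0/24 is a documentation range).
# The first two mimic the sample phoning home; the rest are benign or merely odd.
SAMPLE_EVENTS = r"""
{"EventID": 3, "Image": "C:\\Users\\alice\\Downloads\\img_RFQ CHEM_REF - Aanbesteding - PROJECT 90016288247_pdf.exe", "DestinationHostname": "mail.privateemail.com", "DestinationIp": "198.51.100.10", "DestinationPort": 587}
{"EventID": 3, "Image": "C:\\Users\\alice\\Downloads\\img_RFQ CHEM_REF - Aanbesteding - PROJECT 90016288247_pdf.exe", "DestinationHostname": "api.ipify.org", "DestinationIp": "198.51.100.20", "DestinationPort": 443}
{"EventID": 3, "Image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "DestinationHostname": "smtp.office365.com", "DestinationIp": "198.51.100.30", "DestinationPort": 587}
{"EventID": 3, "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "DestinationHostname": "example.com", "DestinationIp": "198.51.100.40", "DestinationPort": 443}
{"EventID": 3, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "DestinationHostname": "smtp.example.net", "DestinationIp": "198.51.100.50", "DestinationPort": 25}
"""


@dataclass
class Alert:
    rule: str
    severity: str
    image: str
    destination: str


def load_events(jsonl: str) -> List[Dict[str, object]]:
    """Parse one JSON object per non-empty line."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


def _basename(image: str) -> str:
    """Lower-cased file name of the process image, tolerant of either slash style."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event: Dict[str, object]) -> Optional[Alert]:
    """Return the highest-priority alert for one network-connection event, or None."""
    if event.get("EventID") != 3:
        return None
    host = str(event.get("DestinationHostname", "")).lower().rstrip(".")
    port = int(event.get("DestinationPort", 0))
    image = str(event.get("Image", ""))
    dest = f"{host or event.get('DestinationIp', '?')}:{port}"
    if host == EXFIL_HOST and port == EXFIL_PORT:
        return Alert("agenttesla-smtp-exfil", "high", image, dest)
    if port in SMTP_PORTS and _basename(image) not in MAIL_CLIENTS:
        return Alert("smtp-from-non-mail-client", "medium", image, dest)
    if host in IP_LOOKUP_HOSTS:
        return Alert("external-ip-lookup", "low", image, dest)
    return None


def detect(events: Iterable[Dict[str, object]]) -> List[Alert]:
    """Run every event through the rules and keep the hits."""
    return [alert for alert in map(evaluate, events) if alert is not None]


if __name__ == "__main__":
    for alert in detect(load_events(SAMPLE_EVENTS)):
        print(f"[{alert.severity}] {alert.rule}: {alert.image} -> {alert.destination}")
```

The generic rule (any SMTP submission from a process that is not a mail client) catches this family after the operator rotates the mailbox, which the host-specific rule does not; the IP-lookup rule on its own is too noisy to page on and is better used as corroboration for the other two.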

MITRE ATT&CK Matrix

Tasks