General

  • Target

    84e1a45918afb544702cc79905c1a98daf1f51bd23bb35b20022a31c533e5d8c

  • Size

    797KB

  • Sample

    240604-b7bp2shg93

  • MD5

    e432767ebac49d4ac7c9d8665449a0d0

  • SHA1

    7751e7c228393ed0593bbf2c9357fcf29c614c73

  • SHA256

    84e1a45918afb544702cc79905c1a98daf1f51bd23bb35b20022a31c533e5d8c

  • SHA512

    8d882722d9d80287d529e26d00bcf07aa5d958878dab73f498443c4a265193d2fbac13461e05e9feeedd332590f2ef1db354e8f1fba287a9e1b4e69ce9f7a3bf

  • SSDEEP

    12288:+DYA+rNUci0+YmZbmNIK0stezfpCUBkD3pied2puR2F7BdyqWnBvcytA:+5+r5AYaJwhidldy75zW

Malware Config

Extracted

  • Family

    agenttesla

  • Credentials

    • Protocol:
      smtp
    • Host:
      mail.officeemailbackup.com
    • Port:
      587
    • Username:
      [email protected]
    • Password:
      *L_n.e3}D?ky

Targets

    • Target

      84e1a45918afb544702cc79905c1a98daf1f51bd23bb35b20022a31c533e5d8c

    • Size

      797KB

    • MD5

      e432767ebac49d4ac7c9d8665449a0d0

    • SHA1

      7751e7c228393ed0593bbf2c9357fcf29c614c73

    • SHA256

      84e1a45918afb544702cc79905c1a98daf1f51bd23bb35b20022a31c533e5d8c

    • SHA512

      8d882722d9d80287d529e26d00bcf07aa5d958878dab73f498443c4a265193d2fbac13461e05e9feeedd332590f2ef1db354e8f1fba287a9e1b4e69ce9f7a3bf

    • SSDEEP

      12288:+DYA+rNUci0+YmZbmNIK0stezfpCUBkD3pied2puR2F7BdyqWnBvcytA:+5+r5AYaJwhidldy75zW

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
