General

  • Target

    30b3c55e9fcacf75c3a7828f14b42241b9472871f53a24e668e14fd971beb513

  • Size

    1.0MB

  • Sample

    240612-brerrsxeqj

  • MD5

    f4b27282b2b52ba3550e2cf48ed5d098

  • SHA1

    48f88ed37fc4f27c791dfa09c1c33f23b493704b

  • SHA256

    30b3c55e9fcacf75c3a7828f14b42241b9472871f53a24e668e14fd971beb513

  • SHA512

    2bec9b28c6694c9455af79397a19446dec688e2b7014ab7381055cf31331ef4d9339978653ca289ddd4adda3402bc3b6be9d98dcaa47c0befd4c847cf6d081dd

  • SSDEEP

    24576:sAHnh+eWsN3skA4RV1Hom2KXMmHa2SSaqhFi/5:Lh+ZkldoPK8Ya2SSphY

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.fosna.net
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    u;4z3V.Iir1l

Targets

    • Target

      30b3c55e9fcacf75c3a7828f14b42241b9472871f53a24e668e14fd971beb513

    • Size

      1.0MB

    • MD5

      f4b27282b2b52ba3550e2cf48ed5d098

    • SHA1

      48f88ed37fc4f27c791dfa09c1c33f23b493704b

    • SHA256

      30b3c55e9fcacf75c3a7828f14b42241b9472871f53a24e668e14fd971beb513

    • SHA512

      2bec9b28c6694c9455af79397a19446dec688e2b7014ab7381055cf31331ef4d9339978653ca289ddd4adda3402bc3b6be9d98dcaa47c0befd4c847cf6d081dd

    • SSDEEP

      24576:sAHnh+eWsN3skA4RV1Hom2KXMmHa2SSaqhFi/5:Lh+ZkldoPK8Ya2SSphY

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks