General

  • Target

    8f8fbf4e41c855fbf305cab4a3040bc2c3abbbb8ad0505a1897e29f59f8e6ead

  • Size

    2.2MB

  • Sample

    240612-brpxqsxeng

  • MD5

    5994df8e6bfeed824bcc377271db9ad5

  • SHA1

    c2cc6935401f8f5a7c96c5cddbae5fc89909aacb

  • SHA256

    8f8fbf4e41c855fbf305cab4a3040bc2c3abbbb8ad0505a1897e29f59f8e6ead

  • SHA512

    8d177c06d648a7f3fb0c43b0cea748a26518e4e3f0bcdf02ef4fe8bd3ee65d5e32560d821e039416abefa442aadb40e96e6414f2dcacc65b0cb4ffb34bc83166

  • SSDEEP

    24576:3MfbE4S0B0E88VlLmXQJW+4ZdZF8iDaombiTArfK:cfbE4S0B0WVh4Q34ZdHaNTrS

Malware Config

Extracted

Family

agenttesla

Credentials

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.topshopltd.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    INFO001! ,, ..

Targets

    • Target

      8f8fbf4e41c855fbf305cab4a3040bc2c3abbbb8ad0505a1897e29f59f8e6ead

    • Size

      2.2MB

    • MD5

      5994df8e6bfeed824bcc377271db9ad5

    • SHA1

      c2cc6935401f8f5a7c96c5cddbae5fc89909aacb

    • SHA256

      8f8fbf4e41c855fbf305cab4a3040bc2c3abbbb8ad0505a1897e29f59f8e6ead

    • SHA512

      8d177c06d648a7f3fb0c43b0cea748a26518e4e3f0bcdf02ef4fe8bd3ee65d5e32560d821e039416abefa442aadb40e96e6414f2dcacc65b0cb4ffb34bc83166

    • SSDEEP

      24576:3MfbE4S0B0E88VlLmXQJW+4ZdZF8iDaombiTArfK:cfbE4S0B0WVh4Q34ZdHaNTrS

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks