General

  • Target

    4dd610b2e78958e224f56685ac063303df32bf6699274d4af8769f1745212c8c

  • Size

    555KB

  • Sample

    240612-btd81sxerh

  • MD5

    0a2551eb9023af662fd2d6caa414bde1

  • SHA1

    06df2cd92d0596a7d20893ea1e20ceff7f4bbd20

  • SHA256

    4dd610b2e78958e224f56685ac063303df32bf6699274d4af8769f1745212c8c

  • SHA512

    f6a4e73da1a22d3efa656a8a29753bd6f8fceb3e09fb9f3050593d7074856e5980659fa552159ffb55a67812c9112eb518d2c86db3e632145eb65e740d69ed42

  • SSDEEP

    12288:xYV6MorX7qzuC3QHO9FQVHPF51jgcf9uIJt+goefIlbi5Ef:GBXu9HGaVHUUMD2Idi0

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.fosna.net
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    u;4z3V.Iir1l

Targets

    • Target

      4dd610b2e78958e224f56685ac063303df32bf6699274d4af8769f1745212c8c

    • Size

      555KB

    • MD5

      0a2551eb9023af662fd2d6caa414bde1

    • SHA1

      06df2cd92d0596a7d20893ea1e20ceff7f4bbd20

    • SHA256

      4dd610b2e78958e224f56685ac063303df32bf6699274d4af8769f1745212c8c

    • SHA512

      f6a4e73da1a22d3efa656a8a29753bd6f8fceb3e09fb9f3050593d7074856e5980659fa552159ffb55a67812c9112eb518d2c86db3e632145eb65e740d69ed42

    • SSDEEP

      12288:xYV6MorX7qzuC3QHO9FQVHPF51jgcf9uIJt+goefIlbi5Ef:GBXu9HGaVHUUMD2Idi0

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks