General

  • Target

    2fff0f7daa795fcbb020c79c9d3187b74bc4851a4bf83b1341c6288b06faf321

  • Size

    1.0MB

  • Sample

    240612-btm6xsxfjd

  • MD5

    1ec0eac3165afc1864ad1658834fc9e4

  • SHA1

    6c355bb6e6013b6f4b2c155bae4cd27a6136c918

  • SHA256

    2fff0f7daa795fcbb020c79c9d3187b74bc4851a4bf83b1341c6288b06faf321

  • SHA512

    25f19ab91a6d0ec4c0aa0cdfc5ed6853e2cedf502fa655456b3e5f2f850aff413ad5040d817be29c460f0ca4e3c34f6eb37456bfeb70e4309e5b69f28e042407

  • SSDEEP

    24576:bAHnh+eWsN3skA4RV1Hom2KXcmtcRgUMD2IdiPT5:2h+ZkldoPKsacRgZ1dk

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.fosna.net
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    u;4z3V.Iir1l

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
