General

  • Target

    d8bb5e295cfe6010328921b8a0c8bb4724fb71779745e53e5ee7e6b12bc0ff3d

  • Size

    855KB

  • Sample

    240612-cep8eaycpj

  • MD5

    8170abb63cae06fbd8e8ea6c7aa5b078

  • SHA1

    8f4d022527a6564e3f5d96c63c001cd97d59c78b

  • SHA256

    d8bb5e295cfe6010328921b8a0c8bb4724fb71779745e53e5ee7e6b12bc0ff3d

  • SHA512

    3b9b34925f091fc4b04f68a29cc3b44be01fccbf10bce3fcabcb666969a9a9fcc9244494ffada906428e097001e563ea25da290986e356d90d0a66ad16070ca0

  • SSDEEP

    24576:2g61jjk0LAta9AsHDIFaX+IDbcW0EcHb1gKSDKQXw:4P0W0Eci

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      d8bb5e295cfe6010328921b8a0c8bb4724fb71779745e53e5ee7e6b12bc0ff3d

    • Size

      855KB

    • MD5

      8170abb63cae06fbd8e8ea6c7aa5b078

    • SHA1

      8f4d022527a6564e3f5d96c63c001cd97d59c78b

    • SHA256

      d8bb5e295cfe6010328921b8a0c8bb4724fb71779745e53e5ee7e6b12bc0ff3d

    • SHA512

      3b9b34925f091fc4b04f68a29cc3b44be01fccbf10bce3fcabcb666969a9a9fcc9244494ffada906428e097001e563ea25da290986e356d90d0a66ad16070ca0

    • SSDEEP

      24576:2g61jjk0LAta9AsHDIFaX+IDbcW0EcHb1gKSDKQXw:4P0W0Eci

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and credential stealer built on the .NET Framework (commonly Visual Basic .NET). It harvests saved credentials from browsers, email clients and FTP/SSH clients and reports them to the operator, typically over SMTP, FTP, HTTP or Telegram.

    • Reads WinSCP keys stored on the system

      Tries to read WinSCP stored sessions, which live in the registry under HKCU\Software\Martin Prikryl\WinSCP 2\Sessions and can include saved (reversibly obfuscated) passwords.

    • Reads data files stored by FTP clients

      Tries to access configuration files of FTP clients such as FileZilla (sitemanager.xml and recentservers.xml in the user's AppData\Roaming\FileZilla folder), which store server credentials with only base64 encoding.

    • Reads user/profile data of local email clients

      Email clients store account settings and saved credentials on disk (Outlook profiles in the registry, Thunderbird profile files such as logins.json and key4.db); infostealers routinely read them.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, session tokens and autofill entries (for example Chromium's "Login Data" database and Firefox's logins.json/key4.db).

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP; the result is typically included in the victim report sent to the operator.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is characteristic of process hollowing: the loader starts a legitimate process suspended, writes the payload into it and points the thread's entry point at the injected code before resuming it.
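The signatures above are each tied to a small set of well-known credential-store locations. The following added example (not the sandbox's own code) runs that detection logic over a constructed process-activity trace: it maps registry and file accesses and DNS queries to the signature names used on this page and raises a verdict only when one process touches several distinct stores. The artifact paths and lookup hosts are real, widely documented locations; the pipe-separated trace format and the sample lines are constructed for the example and are not from this sandbox run.

```python
"""Match a process-activity trace against the artifact locations behind the
infostealer signatures listed above.  Added example; the trace format
(<timestamp>|<pid>|<image>|<operation>|<target>) is constructed for it."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Well-known artifact locations per signature.  The registry key, file names
# and lookup hosts are real; which of them this sample touched is not stated
# on the page, so the list is illustrative.
SIGNATURES = {
    "Reads WinSCP keys stored on the system": [
        r"\\Software\\Martin Prikryl\\WinSCP 2\\Sessions",
    ],
    "Reads data files stored by FTP clients": [
        r"\\FileZilla\\(sitemanager|recentservers)\.xml$",
        r"\\SmartFTP\\Client 2\.0\\Favorites\\",
    ],
    "Reads user/profile data of local email clients": [
        r"\\Thunderbird\\Profiles\\",
        r"\\Microsoft\\Office\\\d+\.0\\Outlook\\Profiles\\",
    ],
    "Reads user/profile data of web browsers": [
        r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)\\User Data\\.*\\Login Data$",
        r"\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db)$",
    ],
    "Looks up external IP address via web service": [
        r"^(api\.ipify\.org|checkip\.dyndns\.org|ip-api\.com|ifconfig\.me|icanhazip\.com)$",
    ],
}
COMPILED = {name: [re.compile(p, re.IGNORECASE) for p in pats]
            for name, pats in SIGNATURES.items()}


@dataclass(frozen=True)
class Event:
    ts: str
    pid: int
    image: str
    op: str
    target: str


def parse_trace(lines):
    """Parse pipe-separated trace lines; blank, comment and malformed lines are skipped."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split("|", 4)
        if len(parts) != 5 or not parts[1].isdigit():
            continue
        ts, pid, image, op, target = parts
        events.append(Event(ts, int(pid), image, op, target))
    return events


def match_signatures(events):
    """Return {pid: {signature name: [targets that matched]}}."""
    hits = defaultdict(lambda: defaultdict(list))
    for ev in events:
        for name, pats in COMPILED.items():
            if any(p.search(ev.target) for p in pats):
                hits[ev.pid][name].append(ev.target)
    return {pid: dict(sigs) for pid, sigs in hits.items()}


def verdict(sig_hits, threshold=3):
    """One artifact read can be benign (a backup job reads sitemanager.xml);
    several distinct credential stores plus an IP lookup from a single
    process is the pattern this report describes."""
    return "infostealer-like" if len(sig_hits) >= threshold else "inconclusive"


# Constructed trace, not taken from the sandbox run.  pid 4120 plays the
# stealer; pid 2216 is FileZilla itself reading its own config.
SAMPLE_TRACE = r"""
2024-06-12T10:01:03Z|4120|C:\Users\victim\AppData\Local\Temp\invoice.exe|RegOpenKey|HKCU\Software\Martin Prikryl\WinSCP 2\Sessions
2024-06-12T10:01:03Z|4120|C:\Users\victim\AppData\Local\Temp\invoice.exe|CreateFile|C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml
2024-06-12T10:01:04Z|4120|C:\Users\victim\AppData\Local\Temp\invoice.exe|CreateFile|C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\x1y2z3.default\logins.json
2024-06-12T10:01:04Z|4120|C:\Users\victim\AppData\Local\Temp\invoice.exe|CreateFile|C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data
2024-06-12T10:01:05Z|4120|C:\Users\victim\AppData\Local\Temp\invoice.exe|DnsQuery|api.ipify.org
2024-06-12T10:01:05Z|4120|C:\Users\victim\AppData\Local\Temp\invoice.exe|CreateFile|C:\Windows\System32\kernel32.dll
2024-06-12T10:02:00Z|2216|C:\Program Files\FileZilla FTP Client\filezilla.exe|CreateFile|C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml
""".splitlines()


def analyse(lines=SAMPLE_TRACE):
    """Return {pid: (verdict, sorted signature names)} for every process with a hit."""
    hits = match_signatures(parse_trace(lines))
    return {pid: (verdict(sigs), sorted(sigs)) for pid, sigs in hits.items()}


if __name__ == "__main__":
    for pid, (v, sigs) in analyse().items():
        print(pid, v, sigs)
```

The threshold is deliberately on distinct signature categories rather than raw event count, since a single legitimate application will read its own store many times but will not also read three other products' credential files and then resolve an IP-lookup host.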

MITRE ATT&CK Enterprise v15

Tasks