General

  • Target

    f11f93a5776837831393b739472c1b00.bin

  • Size

    667KB

  • Sample

    240612-dnqe7szbnp

  • MD5

    81139d0a9bb2ec0584a43678df679d9b

  • SHA1

    224f62afee1729f38b0efc8861dcf5e226601347

  • SHA256

    a465c93169799bb54cf47631ce23be8a992528e4fb4bd8a92c90b841f0e8c83a

  • SHA512

    8748db700a0b2aaff048da754f23524aa4d926f27221669c6274ed7383e90472385c14e3b5d93f21868a78a77eb544f04c783aefd13d59334659bfbb7033edd8

  • SSDEEP

    12288:Olh1H8W+XtXp37t40kaSUYJCNWMQoeEbGBeDGz4/+ZGPnpLKa1tjt/0ZYoZWc9:4z+9XpaJbJC7PKUy1cBLFXAPsu

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.fosna.net
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    (=8fPSH$KO_!

Targets

    • Target

      3ca2c3cb6757d240f6809c3d246ef902a4cf66e8baf34aaa6ba4ac0aca81f287.exe

    • Size

      1.1MB

    • MD5

      f11f93a5776837831393b739472c1b00

    • SHA1

      bfbc4164cab663ebb8c665b123395f4c5f8be656

    • SHA256

      3ca2c3cb6757d240f6809c3d246ef902a4cf66e8baf34aaa6ba4ac0aca81f287

    • SHA512

      cb296c0449ddb742cfaa1c35d404beb6ea3ab7f9d6da7ad0b1143ccec73d26685dc0d9985aea4dfaf44110b75dd5844fac6f15a1e3c776aa8a7af68007494f58

    • SSDEEP

      24576:AAHnh+eWsN3skA4RV1Hom2KXMmHa4MylLaqE5:3h+ZkldoPK8Ya4M+Wx

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks