General

  • Target

    Your file name without extension goes here.exe

  • Size

    2.8MB

  • Sample

    240618-km5xtszdpn

  • MD5

    8f6133a74122aa1a27d18e48c2a3fa0c

  • SHA1

    b71bdccb8b06c081589d3063fa02874ffdd2450e

  • SHA256

    a54d0aecd2d24ce47e9773d031b1995a6fe81b9508e02553aef5bd62ae5dcd8f

  • SHA512

    b50d54a3f66c2935e633aadee0e6a6def99d81ed32fb1f7c6386f32bc4af2c8d6fd3ec894b448ae08870e56fd159d16f6ea802296a1274fd4eb96bbcd2de7a1b

  • SSDEEP

    12288:lU46sykEJtb4RlyoxZePN6MAtWRdNu6vuqmBk+El4CG4DPi:lPRykobG7E69URdNxuqyk+dR

Malware Config

Extracted

Family

agenttesla

Credentials

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    terminal4.veeblehosting.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Ifeanyi1987@

Targets

    • Target

      Your file name without extension goes here.exe

    • Size

      2.8MB

    • MD5

      8f6133a74122aa1a27d18e48c2a3fa0c

    • SHA1

      b71bdccb8b06c081589d3063fa02874ffdd2450e

    • SHA256

      a54d0aecd2d24ce47e9773d031b1995a6fe81b9508e02553aef5bd62ae5dcd8f

    • SHA512

      b50d54a3f66c2935e633aadee0e6a6def99d81ed32fb1f7c6386f32bc4af2c8d6fd3ec894b448ae08870e56fd159d16f6ea802296a1274fd4eb96bbcd2de7a1b

    • SSDEEP

      12288:lU46sykEJtb4RlyoxZePN6MAtWRdNu6vuqmBk+El4CG4DPi:lPRykobG7E69URdNxuqyk+dR

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks