General

  • Target

    agent-tesla.zip

  • Size

    905KB

  • Sample

    240619-lzyjysybla

  • MD5

    ddac69aa0587357763eced80f7f0369c

  • SHA1

    694ee5d1dbc30ac80b05b8c8203700f63097f509

  • SHA256

    66881cddcd4a40661f2c0e72f812ea7d59314501752d68f1fb5123797a407bac

  • SHA512

    2bb7c02cece9d31643b35f53d2ae4c39007361c01effedc1068d506a912feb310187616b2d3ffe81a9512fb1d82c069d6fab963204bb59cc0e295a101be3da23

  • SSDEEP

    24576:v2mS7eAOTGvJJ9lauV+3KEwcvPsrQTdRItsihVVzqJDHR70R/ra5:u3vKuyKpcvP4aBJDQa5

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.aceja.biz
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Serenity#2773!

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Eseguibile-agent-tesla.exe

    • Size

      929KB

    • MD5

      bcc26da2379e21b521952f6862ce0586

    • SHA1

      fd3a8bb6236333592eaafe96fd2f9be751cb20ad

    • SHA256

      8deec1e6488e81f0d56dbdcd9dcedc489cee19dae90f9c5461abc0bc58e4b0ad

    • SHA512

      6f86b57c0185ede99012e5f9b235890a71e23f1ae7d8777fbf6468948faf3996b1ac745dfe4bb26533991c24adc5ffac8e2dbd1d470db048af3e73dac8b8023a

    • SSDEEP

      24576:climYcBCyHDnI79de3UCovQ4b1YzppveQtG9bqnZ:KOcBZH7I79g6ITzppveQtH

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks