General

  • Target

    04092024011903092024BANKDETAILSRO83728274746272627362.lzh

  • Size

    534KB

  • Sample

    240904-ghadksvgjq

  • MD5

    05997ef5b3cd9c79276c0f7a751695a1

  • SHA1

    00815ba22b4e61d9b3fd7567a6dc8618f47f77e0

  • SHA256

    77493c7ae3766b67427a8b2833a78a9864304022c15ff5dcc633a5996ce09dad

  • SHA512

    017b1e8ed91787c1013fce976f4581edd7d23c3f83eed3f4c7f2080b6670acc43f1549199257faa57a9d711c1adf88adf1d63b37d5ef9cc1db5fd46485354aa3

  • SSDEEP

    12288:Cx0MUNVDi1S/2mPrB/ybU6ovrYaQc+Mcdd02vh4BsiPkqnYuu3iH:Cx/UrYC2arFGU6kEc+3G2OkqnFu3iH

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.solucionesmexico.mx
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    dGG^ZYIxX5!B

Targets

    • Target

      BANK DETAILS RO83728274746272627362.exe

    • Size

      1.0MB

    • MD5

      d29f4a082738048f4e8e140c7a51ccbd

    • SHA1

      0109d7343fbd32b56fbb1a22115c172a88337638

    • SHA256

      cca7d56dffd819b96dcc149a4cd08308aa40035b73930e409d83e6434932b68e

    • SHA512

      fbf8c43e9a268723be7269dcda51e38b4b587dd6d935f931166690befc505882bc684a81184a8156d41adbb57a495347fbc40af76e03305c7646337ab3977dec

    • SSDEEP

      24576:TAHnh+eWsN3skA4RV1Hom2KXMmHaaM8Q9v+MN7+r7yH5:eh+ZkldoPK8Yaa6pNie

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15