General

  • Target

    32dd3fff0f61aab860e6f50e2ad3b8ca

  • Size

    769KB

  • Sample

    240913-2f4vmatbqg

  • MD5

    32dd3fff0f61aab860e6f50e2ad3b8ca

  • SHA1

    01b99169e4cb5bfb2282a7b766725f9d6e472c92

  • SHA256

    700f3ac0cc9b1a26ba213ebcf344af38972795efbbf01a56b3b0190790838c8a

  • SHA512

    fedaa7a8c93c96723a5dfb896cbf0ee70c082fa23cd22b7cbcbdfb342d99bb31c50073ebdebe7adeaf2cc38946d8267d884b8f16962c96c7605c02006045534e

  • SSDEEP

    12288:30cmlfRrt583KWgr8L5R/dh/ygyn8dcIq8Lr8i6b7L8uKwnRk/xO6MjvLe8:OfRrtudgreth/r8NvzKwnRk/UvLe8

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    bayermlb.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    belnel@123

Targets

    • Target

      32dd3fff0f61aab860e6f50e2ad3b8ca

    • Size

      769KB

    • MD5

      32dd3fff0f61aab860e6f50e2ad3b8ca

    • SHA1

      01b99169e4cb5bfb2282a7b766725f9d6e472c92

    • SHA256

      700f3ac0cc9b1a26ba213ebcf344af38972795efbbf01a56b3b0190790838c8a

    • SHA512

      fedaa7a8c93c96723a5dfb896cbf0ee70c082fa23cd22b7cbcbdfb342d99bb31c50073ebdebe7adeaf2cc38946d8267d884b8f16962c96c7605c02006045534e

    • SSDEEP

      12288:30cmlfRrt583KWgr8L5R/dh/ygyn8dcIq8Lr8i6b7L8uKwnRk/xO6MjvLe8:OfRrtudgreth/r8NvzKwnRk/UvLe8

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks