General

  • Target

    Официално писмо № 0280_08_09-10-2024г.docx.exe

  • Size

    1.2MB

  • Sample

    240916-v9zz7s1clb

  • MD5

    e0d57a92476711a3438a44fa205e1720

  • SHA1

    a1669d33a5b53f9c501c01ec2bc7e155a6964a38

  • SHA256

    696a1a956d00c895f0716efdec49515d65deae2edd12cad87c13c29f31fbd360

  • SHA512

    7f6173a7d61dc797fc63456240b26daca47580ca901e3af901926fe293ab703c83b1c1f7fb5e47378d42d3443524db13707283018699e76e1dd5de2aae1a80e9

  • SSDEEP

    24576:I3c92psKAq6ITV5vGbao8LSEI28uUESJVufn/VtvVE:I3cYaKd6EGbrs4ySQ

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    webmail.anagennisi-sa.gr
  • Port:
    587
  • Username:
    fs@anagennisi-sa.gr
  • Password:
    Smiliotopoulou
  • Email To:
    nolimitforce@yandex.com

Targets

    • Target

      Официално писмо № 0280_08_09-10-2024г.docx.exe

    • Size

      1.2MB

    • MD5

      e0d57a92476711a3438a44fa205e1720

    • SHA1

      a1669d33a5b53f9c501c01ec2bc7e155a6964a38

    • SHA256

      696a1a956d00c895f0716efdec49515d65deae2edd12cad87c13c29f31fbd360

    • SHA512

      7f6173a7d61dc797fc63456240b26daca47580ca901e3af901926fe293ab703c83b1c1f7fb5e47378d42d3443524db13707283018699e76e1dd5de2aae1a80e9

    • SSDEEP

      24576:I3c92psKAq6ITV5vGbao8LSEI28uUESJVufn/VtvVE:I3cYaKd6EGbrs4ySQ

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks