General

  • Target

    0b027bd2900b1ee4a267a552bad83acff1c109d3bd7d16faf6d8e4773f076a1a

  • Size

    641KB

  • Sample

    240918-w5cvjswemh

  • MD5

    dc10373578a2514b4defe039f07e8342

  • SHA1

    684685f0cfca186b4dfdfc55f14b8edc7d783c75

  • SHA256

    0b027bd2900b1ee4a267a552bad83acff1c109d3bd7d16faf6d8e4773f076a1a

  • SHA512

    524fee44468e700106e7cdb5ff3a0975dbcbd1530fa700550cc7b68f6d080c3f43e136bde8c7e43a80e077616d06e2aba8ac04bdd74d6b51e962c3d704eaf912

  • SSDEEP

    12288:DVlyFID894CDiOnoTYkSqIsLXmT2dk4cSp2xfDEAvog+cRfPL3ZPcmiCu5276JxY:DVlIuacOQ7XWSgEAv19RfPTZPcrVi67h

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.jeepcommerce.rs
  • Port:
    21
  • Username:
    w133y@jeepcommerce.rs
  • Password:
    Q6]7rLSD*gU2

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.jeepcommerce.rs
  • Port:
    21
  • Username:
    w133y@jeepcommerce.rs
  • Password:
    Q6]7rLSD*gU2

Targets

    • Target

      0b027bd2900b1ee4a267a552bad83acff1c109d3bd7d16faf6d8e4773f076a1a

    • Size

      641KB

    • MD5

      dc10373578a2514b4defe039f07e8342

    • SHA1

      684685f0cfca186b4dfdfc55f14b8edc7d783c75

    • SHA256

      0b027bd2900b1ee4a267a552bad83acff1c109d3bd7d16faf6d8e4773f076a1a

    • SHA512

      524fee44468e700106e7cdb5ff3a0975dbcbd1530fa700550cc7b68f6d080c3f43e136bde8c7e43a80e077616d06e2aba8ac04bdd74d6b51e962c3d704eaf912

    • SSDEEP

      12288:DVlyFID894CDiOnoTYkSqIsLXmT2dk4cSp2xfDEAvog+cRfPL3ZPcmiCu5276JxY:DVlIuacOQ7XWSgEAv19RfPTZPcrVi67h

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.