General

  • Target

    e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23

  • Size

    290KB

  • Sample

    241031-zwn31aterl

  • MD5

    de469fdf2dea2262671309d613c8ac4c

  • SHA1

    a9b9437f2a3408d7d7b7e2eb3cf3740f7806cecf

  • SHA256

    e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23

  • SHA512

    1891ebeb5cdd779faa42253e75d361eb919ec8a319794dc7a0821da0eb8b9867b349c70de158338242e2386cf1400ce3906dfe8f49feb06548eac9a7e9645aad

  • SSDEEP

    6144:fgYLudz42rixRoFLXp+0qCka4P/tWm0QYTA+bKcoGT7:ohB4lQrItWm0BdoGT7

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.asesoriaurquijo.net
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    tranKi56
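The extracted config above is the account the sample uses to mail stolen data out. As an added example (not code from the report or from the sandbox), the Python below walks a reconstructed SMTP dialog of the kind one pulls from a capture of the run, decodes the credentials the client presents with AUTH LOGIN or AUTH PLAIN, and checks them against the extracted host, port and password. The page shows the username obfuscated, so the example assumes none and matches on host, port and password only; the dialogs, the client hostname and the placeholder sender address `sender@example.invalid` are constructed. Caveat for anyone hunting in pcap: 587 is the submission port and the client will commonly issue STARTTLS before AUTH, so the credentials are inside TLS and only the connection to the extracted host:port is visible on the wire; the example reports that case rather than guessing.

```python
import base64

# Values copied from the report's extracted AgentTesla config. The username is
# obfuscated on the page, so matching is done on host, port and password only.
EXFIL_HOST = "mail.asesoriaurquijo.net"
EXFIL_PORT = 587
EXFIL_PASSWORD = "tranKi56"


def _b64(text):
    return base64.b64encode(text.encode()).decode()


# Constructed SMTP dialogs (not from the report): lists of (direction, line),
# 'C' = client (the sample), 'S' = server. sender@example.invalid is a placeholder.
CLEARTEXT_LOGIN_SESSION = [
    ("S", "220 mail.asesoriaurquijo.net ESMTP"),
    ("C", "EHLO WIN-SANDBOX"),
    ("S", "250-mail.asesoriaurquijo.net Hello"),
    ("S", "250-STARTTLS"),
    ("S", "250 AUTH LOGIN PLAIN"),
    ("C", "AUTH LOGIN"),
    ("S", "334 VXNlcm5hbWU6"),              # base64("Username:")
    ("C", _b64("sender@example.invalid")),
    ("S", "334 UGFzc3dvcmQ6"),              # base64("Password:")
    ("C", _b64("tranKi56")),
    ("S", "235 2.7.0 Authentication successful"),
    ("C", "MAIL FROM:<sender@example.invalid>"),
]

# SASL PLAIN packs authzid \0 authcid \0 password into one base64 blob.
CLEARTEXT_PLAIN_SESSION = [
    ("S", "220 mail.asesoriaurquijo.net ESMTP"),
    ("C", "EHLO WIN-SANDBOX"),
    ("S", "250 AUTH LOGIN PLAIN"),
    ("C", "AUTH PLAIN " + _b64("\0sender@example.invalid\0tranKi56")),
    ("S", "235 2.7.0 Authentication successful"),
]

# Typical submission-port behaviour: STARTTLS before AUTH, so the credentials
# never appear in cleartext and the readable capture ends with the server's 220.
STARTTLS_SESSION = [
    ("S", "220 mail.asesoriaurquijo.net ESMTP"),
    ("C", "EHLO WIN-SANDBOX"),
    ("S", "250-STARTTLS"),
    ("S", "250 AUTH LOGIN PLAIN"),
    ("C", "STARTTLS"),
    ("S", "220 2.0.0 Ready to start TLS"),
]


def decode_auth(session):
    """Return {'mechanism', 'username', 'password'} for the credentials the
    client presents, or None if none are visible (no AUTH, or STARTTLS first)."""
    lines = [(d, l.strip()) for d, l in session]
    for i, (d, line) in enumerate(lines):
        if d != "C":
            continue
        words = line.split()
        if words and words[0].upper() == "STARTTLS":
            return None  # everything after this is ciphertext in a capture
        verb = " ".join(words[:2]).upper()
        later_client = [x for dd, x in lines[i + 1:] if dd == "C"]
        if verb == "AUTH LOGIN":
            # Optional initial response "AUTH LOGIN <b64user>", then the
            # base64 username/password answers to the server's 334 prompts.
            b64 = ([words[2]] if len(words) > 2 else []) + later_client[:2]
            if len(b64) < 2:
                return None
            user = base64.b64decode(b64[0]).decode(errors="replace")
            pwd = base64.b64decode(b64[1]).decode(errors="replace")
            return {"mechanism": "LOGIN", "username": user, "password": pwd}
        if verb == "AUTH PLAIN":
            blob = words[2] if len(words) > 2 else (later_client[0] if later_client else None)
            if blob is None:
                return None
            fields = base64.b64decode(blob).decode(errors="replace").split("\0")
            if len(fields) != 3:
                return None
            return {"mechanism": "PLAIN", "username": fields[1], "password": fields[2]}
    return None


def classify_session(session, dst_host, dst_port):
    """Findings for one TCP session to dst_host:dst_port, matched against the
    extracted config. Returns (findings, credentials-or-None)."""
    findings = []
    if dst_host.lower() == EXFIL_HOST and dst_port == EXFIL_PORT:
        findings.append("connection to extracted C2 host:port")
    creds = decode_auth(session)
    if creds is None:
        if any(d == "C" and l.strip().upper() == "STARTTLS" for d, l in session):
            findings.append("AUTH not visible: client negotiated STARTTLS")
        return findings, None
    if creds["password"] == EXFIL_PASSWORD:
        findings.append("AUTH password matches extracted config")
    return findings, creds


if __name__ == "__main__":
    for name, sess in [("LOGIN", CLEARTEXT_LOGIN_SESSION),
                       ("PLAIN", CLEARTEXT_PLAIN_SESSION),
                       ("STARTTLS", STARTTLS_SESSION)]:
        print(name, classify_session(sess, EXFIL_HOST, EXFIL_PORT))
```

The password match is the strong signal because the mailbox password is unique to this operator's config, whereas the host alone is a shared mail server that legitimate clients may also use; the STARTTLS case shows why the extracted config from memory, not the capture, is the reliable source of the credential.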

Targets

    • Target

      e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23

    • Size

      290KB

    • MD5

      de469fdf2dea2262671309d613c8ac4c

    • SHA1

      a9b9437f2a3408d7d7b7e2eb3cf3740f7806cecf

    • SHA256

      e97b35c4339e0412571a445b2fe20e30fe91585cad505820b56a098a66e54c23

    • SHA512

      1891ebeb5cdd779faa42253e75d361eb919ec8a319794dc7a0821da0eb8b9867b349c70de158338242e2386cf1400ce3906dfe8f49feb06548eac9a7e9645aad

    • SSDEEP

      6144:fgYLudz42rixRoFLXp+0qCka4P/tWm0QYTA+bKcoGT7:ohB4lQrItWm0BdoGT7

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store user data, including account credentials, on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Unsecured Credentials: Credentials In Files (MITRE ATT&CK T1552.001)

      Steals credentials from unsecured files.

    • Accesses Microsoft Outlook profiles
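The signatures above all describe one process sweeping several unrelated credential stores, which is what separates an infostealer from a legitimate client reading its own configuration. As an added example (not the sandbox's signature logic), the Python below scores EDR-style file and registry access events per process against the standard locations of the stores those signatures refer to (WinSCP's session registry key, FileZilla's sitemanager.xml and recentservers.xml, Outlook and Thunderbird profile data, Chrome and Firefox login databases) and combines that with an outbound SMTP connection, which is how the extracted config shows this sample exfiltrates. The events, process images and the two benign-client cases are constructed; the report does not name the dropped file, so `sample.exe` is a placeholder.

```python
import re
from collections import defaultdict

# Standard locations of the credential stores named in the report's signatures.
# Patterns are searched case-insensitively inside the event's file path or
# registry key; a literal backslash is written as \\ in the regex.
CREDENTIAL_STORES = {
    "winscp_sessions": r"\\Software\\Martin Prikryl\\WinSCP 2\\Sessions",
    "ftp_client_config": r"\\FileZilla\\(sitemanager|recentservers)\.xml$",
    "email_client": (r"\\Outlook\\Profiles|\\Windows Messaging Subsystem\\Profiles"
                     r"|\\Thunderbird\\Profiles\\.*\\logins\.json$"),
    "browser_logins": (r"\\User Data\\[^\\]+\\Login Data$"
                       r"|\\Mozilla\\Firefox\\Profiles\\.*\\logins\.json$"),
}
_STORE_RX = {name: re.compile(pat, re.IGNORECASE) for name, pat in CREDENTIAL_STORES.items()}

# Submission and SMTP ports; the extracted config uses 587.
SMTP_PORTS = {25, 465, 587}

# Constructed process images (the report does not name the dropped file).
SAMPLE = r"C:\Users\user\AppData\Local\Temp\sample.exe"
FILEZILLA = r"C:\Program Files\FileZilla FTP Client\filezilla.exe"
OUTLOOK = r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"

# Constructed EDR-style telemetry (not from the report).
EVENTS = [
    {"image": SAMPLE, "type": "RegistryQuery", "target": r"HKCU\Software\Martin Prikryl\WinSCP 2\Sessions"},
    {"image": SAMPLE, "type": "FileRead", "target": r"C:\Users\user\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"image": SAMPLE, "type": "FileRead", "target": r"C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml"},
    {"image": SAMPLE, "type": "RegistryQuery", "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles"},
    {"image": SAMPLE, "type": "FileRead", "target": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": SAMPLE, "type": "FileRead", "target": r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default-release\logins.json"},
    {"image": SAMPLE, "type": "NetworkConnect", "dst_host": "mail.asesoriaurquijo.net", "dst_port": 587},
    # Benign: FileZilla reading its own site manager is expected, one store only.
    {"image": FILEZILLA, "type": "FileRead", "target": r"C:\Users\user\AppData\Roaming\FileZilla\sitemanager.xml"},
    # Benign: Outlook reading its own profiles and submitting mail is normal too.
    {"image": OUTLOOK, "type": "RegistryQuery", "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles"},
    {"image": OUTLOOK, "type": "NetworkConnect", "dst_host": "smtp.corp.example", "dst_port": 587},
]


def classify_target(target):
    """Name of the credential-store category a path/key belongs to, or None."""
    for name, rx in _STORE_RX.items():
        if rx.search(target):
            return name
    return None


def summarize(events):
    """Per process image: the set of store categories touched and the SMTP
    destinations contacted, in event order."""
    per_proc = defaultdict(lambda: {"stores": set(), "smtp": []})
    for ev in events:
        info = per_proc[ev["image"]]
        if ev["type"] in ("FileRead", "RegistryQuery"):
            cat = classify_target(ev["target"])
            if cat:
                info["stores"].add(cat)
        elif ev["type"] == "NetworkConnect" and ev["dst_port"] in SMTP_PORTS:
            info["smtp"].append((ev["dst_host"], ev["dst_port"]))
    return dict(per_proc)


def flag_infostealers(events, min_stores=2):
    """Processes that touch at least min_stores distinct credential-store
    categories; the verdict notes SMTP exfil when one follows. A single
    category is what a legitimate client does with its own data, so the
    default threshold of 2 keeps FileZilla and Outlook out of the result."""
    verdicts = {}
    for image, info in summarize(events).items():
        if len(info["stores"]) >= min_stores:
            verdicts[image] = ("credential harvesting + smtp exfil to %s:%d" % info["smtp"][0]
                               if info["smtp"] else "credential harvesting")
    return verdicts


if __name__ == "__main__":
    for image, verdict in flag_infostealers(EVENTS).items():
        print(verdict, "<-", image)
```

The threshold is the design point: each store path on its own is noisy because its owning application reads it constantly, while a process that reads two or more of them and then opens an SMTP submission connection is, for this family, the full kill chain in a handful of events.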

MITRE ATT&CK Enterprise v15