General

  • Target

    53bb6272fea5747b234d1f91d0319db2ca01831ba34230585a39eae4af9d8330

  • Size

    1.5MB

  • Sample

    241104-bgmdvszekp

  • MD5

    0597d5446bce6df2deaae0de8401fca5

  • SHA1

    4d2e737866324db4b891ce57f10044eab160645f

  • SHA256

    53bb6272fea5747b234d1f91d0319db2ca01831ba34230585a39eae4af9d8330

  • SHA512

    775f36c68775b890f5ac2be083fdfb04663331bb7c91e374ef2265be757c4d458a6717f9f678a4262e0b21cd33b094f2534b3a5613ec79b411dab6a221565608

  • SSDEEP

    24576:IqDEvCTbMWu7rQYlBQcBiT6rprG8a2X1HffbxXjcQ7E:ITvC/MTQYxsWR7a2Xhffbxb7

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.gizemetiket.com.tr
  • Port:
    21
  • Username:
    pgizemM6
  • Password:
    giz95Ffg
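
The extracted configuration above is the sample's FTP exfiltration account, which makes it directly usable for detection. The following is an added example (not part of this sandbox report, and not code from the malware) that copies those values, matches them against a constructed FTP control-channel transcript, lists what the client uploaded after logging in, and emits a Suricata rule keyed on the username. The transcript, the upload filename and the Suricata sid are assumptions made for the example.

```python
"""Turn the FTP credentials extracted from this AgentTesla sample into
matching logic, run it over a constructed FTP control-channel transcript,
and emit a Suricata rule. Added example; not part of the sandbox report."""
import re
from typing import Dict, Iterator, Tuple
from urllib.parse import urlparse

# Values copied from the "Malware Config" section of the report.
EXTRACTED_CONFIG: Dict[str, object] = {
    "protocol": "ftp",
    "host": "ftp://ftp.gizemetiket.com.tr",
    "port": 21,
    "username": "pgizemM6",
    "password": "giz95Ffg",
}

# Constructed transcript of one FTP control channel ("C:" client, "S:" server).
# The upload filename and server replies are invented for the example; the
# report does not show the sample's actual session.
SAMPLE_STREAM = """\
S: 220 FTP server ready
C: USER pgizemM6
S: 331 Password required
C: PASS giz95Ffg
S: 230 Login successful
C: TYPE I
S: 200 Type set to I
C: PASV
S: 227 Entering Passive Mode (203,0,113,10,195,80)
C: STOR PW_victim-DESKTOP01_2024_11_04_12_33_22.html
S: 150 Opening BINARY mode data connection
S: 226 Transfer complete
C: QUIT
S: 221 Goodbye
"""

CLIENT_LINE = re.compile(r"^C:\s*([A-Za-z]+)(?:\s+(.*))?$")


def exfil_hostname(cfg: Dict[str, object]) -> str:
    """The report stores the host with its scheme; strip it for matching."""
    host = str(cfg["host"])
    return urlparse(host).hostname if "://" in host else host


def parse_client_commands(stream: str) -> Iterator[Tuple[str, str]]:
    """Yield (COMMAND, argument) for every client line of the transcript."""
    for line in stream.splitlines():
        m = CLIENT_LINE.match(line.strip())
        if m:
            yield m.group(1).upper(), (m.group(2) or "").strip()


def match_extracted_config(stream: str, cfg: Dict[str, object]) -> dict:
    """Flag a control channel that logs in with the extracted credentials and
    list what it uploaded (STOR/APPE) after that login."""
    result = {"user_match": False, "pass_match": False, "uploads": []}
    logged_in = False
    for cmd, arg in parse_client_commands(stream):
        if cmd == "USER":
            result["user_match"] = arg == cfg["username"]
            logged_in = False
        elif cmd == "PASS":
            result["pass_match"] = arg == cfg["password"]
            logged_in = bool(result["user_match"] and result["pass_match"])
        elif cmd in ("STOR", "APPE") and logged_in:
            result["uploads"].append(arg)
    result["credential_reuse"] = bool(result["user_match"] and result["pass_match"])
    return result


def suricata_rule(cfg: Dict[str, object], sid: int = 1000001) -> str:
    """Alert when the extracted FTP username is sent to the exfil port.
    The sid is an assumed local value; adjust it to your ruleset."""
    return (
        f'alert ftp $HOME_NET any -> $EXTERNAL_NET {cfg["port"]} '
        f'(msg:"AgentTesla FTP exfil login to {exfil_hostname(cfg)}"; '
        f'flow:to_server,established; content:"USER {cfg["username"]}"; '
        f'sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    print(match_extracted_config(SAMPLE_STREAM, EXTRACTED_CONFIG))
    print(suricata_rule(EXTRACTED_CONFIG))
```

Because FTP sends the credentials in clear text, the USER/PASS pair is observable on the wire and in proxy or NetFlow-adjacent captures; matching on the username rather than the host name also survives the actor moving the account to a new server.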

Targets

    • Target

      53bb6272fea5747b234d1f91d0319db2ca01831ba34230585a39eae4af9d8330

    • Size

      1.5MB

    • MD5

      0597d5446bce6df2deaae0de8401fca5

    • SHA1

      4d2e737866324db4b891ce57f10044eab160645f

    • SHA256

      53bb6272fea5747b234d1f91d0319db2ca01831ba34230585a39eae4af9d8330

    • SHA512

      775f36c68775b890f5ac2be083fdfb04663331bb7c91e374ef2265be757c4d458a6717f9f678a4262e0b21cd33b094f2534b3a5613ec79b411dab6a221565608

    • SSDEEP

      24576:IqDEvCTbMWu7rQYlBQcBiT6rprG8a2X1HffbxXjcQ7E:ITvC/MTQYxsWR7a2Xhffbxb7

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, typically written in Visual Basic .NET. It harvests saved credentials from browsers and mail clients and logs keystrokes, then sends the results to an operator-controlled server; the extracted configuration above holds this sample's FTP exfiltration credentials.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      The process set the register context of a thread belonging to another (typically freshly created, suspended) process. That call is the step that redirects execution into injected code in process hollowing and similar injection techniques; combined with the other stages (create suspended, write memory, resume) it is a strong indicator that the payload is run inside a host process rather than from this file.
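
A SetThreadContext call on its own is not proof of injection, so the signature is best confirmed against the surrounding calls. The following is an added example (not part of this report, and not code from the malware) that scans a sandbox-style API trace for the full hollowing sequence: a child created with CREATE_SUSPENDED, memory written into it, its main thread's context replaced, and the thread resumed only after that. The trace is constructed for the example, with handles already resolved to the target pid/tid (real traces often give raw handle values that must be resolved first), and the image path and sizes are invented.

```python
"""Flag the process-hollowing call sequence behind a "Suspicious use of
SetThreadContext" hit in a sandbox API trace. Added example; not part of the
report. The trace below is constructed and already has handles resolved to
the target pid/tid, which real traces may not do."""
from typing import Dict, List

CREATE_SUSPENDED = 0x00000004

# Constructed API trace: pid 1200 hollows a suspended child (pid 1300);
# pid 2000 calls SetThreadContext on one of its own threads, which alone
# is not hollowing. Image path and sizes are invented.
SAMPLE_TRACE: List[Dict] = [
    {"pid": 1200, "api": "CreateProcessW",
     "args": {"lpApplicationName": r"C:\Windows\System32\host.exe",
              "dwCreationFlags": CREATE_SUSPENDED},
     "ret": {"dwProcessId": 1300, "dwThreadId": 1301}},
    {"pid": 1200, "api": "NtUnmapViewOfSection", "args": {"ProcessHandle": 1300}},
    {"pid": 1200, "api": "VirtualAllocEx", "args": {"hProcess": 1300, "dwSize": 0x3000}},
    {"pid": 1200, "api": "WriteProcessMemory", "args": {"hProcess": 1300, "nSize": 0x2000}},
    {"pid": 1200, "api": "WriteProcessMemory", "args": {"hProcess": 1300, "nSize": 0x1000}},
    {"pid": 1200, "api": "SetThreadContext", "args": {"hThread": 1301}},
    {"pid": 1200, "api": "ResumeThread", "args": {"hThread": 1301}},
    {"pid": 2000, "api": "SetThreadContext", "args": {"hThread": 2001}},
]

CREATE_APIS = {"CreateProcessA", "CreateProcessW", "CreateProcessInternalW"}
UNMAP_APIS = {"NtUnmapViewOfSection", "ZwUnmapViewOfSection"}
WRITE_APIS = {"WriteProcessMemory", "NtWriteVirtualMemory"}
CONTEXT_APIS = {"SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext"}
RESUME_APIS = {"ResumeThread", "NtResumeThread"}


def find_process_hollowing(trace: List[Dict]) -> List[Dict]:
    """Return one finding per child that was created suspended, written to,
    had its thread context replaced, and was resumed after that, in order.
    Unmapping the original image is recorded but not required, since many
    loaders skip that step."""
    children: Dict[int, Dict] = {}   # child pid -> state
    by_tid: Dict[int, int] = {}      # child's initial thread id -> child pid

    for call in trace:
        api, args = call["api"], call.get("args", {})
        if api in CREATE_APIS and args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            ret = call.get("ret", {})
            child = ret.get("dwProcessId")
            if child is None:
                continue
            children[child] = {"parent_pid": call["pid"], "child_pid": child,
                               "image": args.get("lpApplicationName"),
                               "unmapped": False, "bytes_written": 0,
                               "context_set": False, "resumed_after_context": False}
            by_tid[ret.get("dwThreadId")] = child
        elif api in UNMAP_APIS and args.get("ProcessHandle") in children:
            children[args["ProcessHandle"]]["unmapped"] = True
        elif api in WRITE_APIS and args.get("hProcess") in children:
            children[args["hProcess"]]["bytes_written"] += int(args.get("nSize", 0))
        elif api in CONTEXT_APIS and args.get("hThread") in by_tid:
            children[by_tid[args["hThread"]]]["context_set"] = True
        elif api in RESUME_APIS and args.get("hThread") in by_tid:
            state = children[by_tid[args["hThread"]]]
            # Only a resume that follows the context change completes the chain.
            state["resumed_after_context"] = state["context_set"]

    return [state for state in children.values()
            if state["bytes_written"] > 0
            and state["context_set"]
            and state["resumed_after_context"]]


if __name__ == "__main__":
    for finding in find_process_hollowing(SAMPLE_TRACE):
        print(finding)
```

Requiring the stages in order is what keeps the benign case (a process touching its own thread's context, or resuming a thread it never wrote to) out of the results; dropping the ordering check turns this back into the bare "SetThreadContext was called" signature.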

MITRE ATT&CK Enterprise v15

Tasks