General

  • Target

    3dc30eca9e2605ee856852687b05a74a8b9463de51a223b8344098ba7b402804.exe

  • Size

    1.3MB

  • Sample

    241104-cqqy3s1fmp

  • MD5

    92eb7fdd42c1963733436dadbefe10eb

  • SHA1

    cc9fdc3b7f4f407eda3ad5064d32bae0d211f15f

  • SHA256

    3dc30eca9e2605ee856852687b05a74a8b9463de51a223b8344098ba7b402804

  • SHA512

    434aef63d6b8710153c5f70319de27b13503ac9db7d115d8eb2ca905f7725f1180469da33396089b864b54c5425b2014e8eea005e6d7fafd15751a99abc64d3c

  • SSDEEP

    24576:IqDEvCTbMWu7rQYlBQcBiT6rprG8aEfave0z8bFfCZ+SIN37VdYfkHCpmLb:ITvC/MTQYxsWR7aEfaRhbaLVdYfkig

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.gizemetiket.com.tr
  • Port:
    21
  • Username:
    pgizemM6
  • Password:
    giz95Ffg

Targets

    • Target

      3dc30eca9e2605ee856852687b05a74a8b9463de51a223b8344098ba7b402804.exe

    • Size

      1.3MB

    • MD5

      92eb7fdd42c1963733436dadbefe10eb

    • SHA1

      cc9fdc3b7f4f407eda3ad5064d32bae0d211f15f

    • SHA256

      3dc30eca9e2605ee856852687b05a74a8b9463de51a223b8344098ba7b402804

    • SHA512

      434aef63d6b8710153c5f70319de27b13503ac9db7d115d8eb2ca905f7725f1180469da33396089b864b54c5425b2014e8eea005e6d7fafd15751a99abc64d3c

    • SSDEEP

      24576:IqDEvCTbMWu7rQYlBQcBiT6rprG8aEfave0z8bFfCZ+SIN37VdYfkHCpmLb:ITvC/MTQYxsWR7aEfaRhbaLVdYfkig

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks