General

  • Target

    be700b3cf3b03bda8e1d549596280d75acb88c30f64eb1d9dda21c09e4216ac9N

  • Size

    1.0MB

  • Sample

    241110-bw6q2swhla

  • MD5

    0b0b9b6dce9a70a1cc10a9ec85c11e00

  • SHA1

    2c3c3b7e492e3709bb5351476c0a2a7bbdba3697

  • SHA256

    be700b3cf3b03bda8e1d549596280d75acb88c30f64eb1d9dda21c09e4216ac9

  • SHA512

    b3e1efa554c56a5a4ac1c15479922faccc463fcce87c8cde5fbef474ea6443707ac78962c3c341f519ab97dbce3884963946dd3e016e9653bd308cc553653628

  • SSDEEP

    12288:2bIrE0Sq+sMD/BPyf13SFyIz8VOHazm/SIo6I6JT/sofpdC5rOVUSo:YIo0SztPyf13WyOHaY/sofXC5K

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.zoho.eu
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    office12#

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15