General

  • Target

    8f7f66353174db19e733794b28e6463c0815719d5ebdc02006219cdef56d0a79

  • Size

    711KB

  • Sample

    241111-bxhqlszakp

  • MD5

    c3d87770567053bbb7c54da3543b0c83

  • SHA1

    b60efedd99fcf4fc2abd807a7a05ed8baaec0a41

  • SHA256

    8f7f66353174db19e733794b28e6463c0815719d5ebdc02006219cdef56d0a79

  • SHA512

    86f12f0c052a36eacb13211c089608e7edb0d737032a52f037543694bffa265c484d45988094ba3d0742dd34e17ceb047010a0ea2529984581361c4671a0a9a0

  • SSDEEP

    12288:P9BvctM85t35JPNJj2WzoRLQYRYzmY7y9aRxSFL+VsbQtXqA+6r:PD0tM85tbNJjldeYiY7ywR+WsUtXqXa

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.stingatoareincendii.ro
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    3.*RYhlG)lkA

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks