General

  • Target

    96f771c11f31eeb7ff503c99e2add907aa3b1a20674a20ecff42e5af758a2b2c

  • Size

    1.1MB

  • Sample

    241111-bzxybazapr

  • MD5

    6bb329ed6da1edd0d48177662349a02f

  • SHA1

    208288af7cd8d6fa8b6fbf5bf911c23407e7cd56

  • SHA256

    96f771c11f31eeb7ff503c99e2add907aa3b1a20674a20ecff42e5af758a2b2c

  • SHA512

    a73de72668ce345f53df9df3406452a0ba38e967135d26a80a07e2e57d906c8c3346cfd459b5ae73aafa707a0501ee2bc22e68797160ecb27dba7f99b84aca9a

  • SSDEEP

    24576:uRmJkcoQricOIQxiZY1iaC5Bpmth937sXGNttdK1zHC:7JZoQrbTFZY1iaC5vml37sXGNt2c

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.stingatoareincendii.ro
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    3.*RYhlG)lkA

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks