General

  • Target

    5d04f6813a1596241cd9e92b09f132f5d5792dc9d05d1987076be1764b1b5287.exe

  • Size

    1.3MB

  • Sample

    241112-cvyvgssfnh

  • MD5

    77a6968ce13da3aae320ed443558c9e8

  • SHA1

    3bda87f3f356116afb970452bee2f9f408fb463b

  • SHA256

    5d04f6813a1596241cd9e92b09f132f5d5792dc9d05d1987076be1764b1b5287

  • SHA512

    1cae3a4f757beb4ff801ecb5d4c28a48d2725d7b3163f97419e6bd16e97dfb2a8b8029184c200a829ef97729aaaa8d857495480575dd8d897ab153aec768e8fe

  • SSDEEP

    24576:85EmXFtKaL4/oFe5T9yyXYfP1ijXdaFl3MeSTXtwylJyuqyD2Eo0tC+k+6o:8PVt/LZeJbInQRaFl3MxL9pHiIt6+

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.gizemetiket.com.tr
  • Port:
    21
  • Username:
    pgizemM6
  • Password:
    giz95Ffg
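
The extracted configuration above is the sample's exfiltration endpoint: a hard-coded FTP account whose user name and password travel in clear text on port 21, so the same values should show up in network logs of any host running this build. The following is an added example, not part of the sandbox report or of Agent Tesla itself, showing how to hunt for that channel in Zeek `ftp.log` records. It assumes Zeek's default `ftp.log` column layout; the log lines, the internal addresses and the resolution of `ftp.gizemetiket.com.tr` to `203.0.113.10` are constructed for the demonstration (Zeek's `ftp.log` only records IP addresses, so the hostname has to be resolved via `dns.log` or passive DNS first).

```python
"""Hunt for the Agent Tesla FTP exfiltration channel in Zeek ftp.log records.

Added example, not part of the sandbox report. The indicators come from the
extracted configuration; the log lines and addresses below are constructed.
"""

# Indicators taken from the extracted Agent Tesla configuration.
C2_HOST = "ftp.gizemetiket.com.tr"
C2_USER = "pgizemM6"
C2_PORT = 21

# Default Zeek ftp.log column order (tab separated, "-" marks an unset field).
FTP_FIELDS = [
    "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
    "user", "password", "command", "arg", "mime_type", "file_size",
    "reply_code", "reply_msg", "data_channel.passive",
    "data_channel.orig_h", "data_channel.resp_h", "data_channel.resp_p", "fuid",
]

# Constructed ftp.log excerpt: one STOR (upload) and one USER login to the
# C2 from 10.0.0.25, plus an unrelated backup transfer as a negative case.
# 203.0.113.10 stands in for the resolved address of the C2 hostname.
SAMPLE_FTP_LOG = """#separator \\x09
#fields\t""" + "\t".join(FTP_FIELDS) + """
1731406800.123456\tCAbc1\t10.0.0.25\t49712\t203.0.113.10\t21\tpgizemM6\tgiz95Ffg\tSTOR\treport_DESKTOP-1.html\ttext/html\t4821\t226\tTransfer complete\tT\t10.0.0.25\t203.0.113.10\t51234\tFabc1
1731406700.000000\tCAbc2\t10.0.0.30\t49800\t192.0.2.44\t21\tbackup\t-\tRETR\tnightly.tar\tapplication/x-tar\t900\t226\tTransfer complete\tT\t10.0.0.30\t192.0.2.44\t50000\tFabc2
1731406900.500000\tCAbc3\t10.0.0.25\t49720\t203.0.113.10\t21\tpgizemM6\tgiz95Ffg\tUSER\tpgizemM6\t-\t-\t331\tPassword required\t-\t-\t-\t-\t-
"""


def parse_ftp_log(text):
    """Yield one dict per record, skipping Zeek's '#' header/footer lines
    and any line that does not have the expected number of columns."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != len(FTP_FIELDS):
            continue
        yield dict(zip(FTP_FIELDS, fields))


def hunt_agenttesla_ftp(ftp_log, c2_ips):
    """Return findings for every record that touches the extracted C2.

    c2_ips: set of addresses the C2 hostname resolved to. A record is flagged
    when its destination is one of those addresses or when the FTP user name
    equals the hard-coded account; a STOR command is the upload itself, i.e.
    the exfiltration event rather than just the login.
    """
    findings = []
    for rec in parse_ftp_log(ftp_log):
        reasons = []
        if rec["id.resp_h"] in c2_ips:
            reasons.append("destination resolves to %s" % C2_HOST)
        if rec["user"] == C2_USER:
            reasons.append("hard-coded C2 user")
        if not reasons:
            continue
        findings.append({
            "ts": rec["ts"],
            "src": rec["id.orig_h"],
            "dst": rec["id.resp_h"],
            "port": int(rec["id.resp_p"]),
            "command": rec["command"],
            "arg": rec["arg"],
            "reasons": reasons,
            "exfiltration": rec["command"] == "STOR",
        })
    return findings


def infected_hosts(findings):
    """Return the set of internal source addresses that talked to the C2."""
    return {f["src"] for f in findings}


if __name__ == "__main__":
    hits = hunt_agenttesla_ftp(SAMPLE_FTP_LOG, {"203.0.113.10"})
    for hit in hits:
        tag = "EXFIL" if hit["exfiltration"] else "c2-contact"
        print(tag, hit["ts"], hit["src"], "->", hit["dst"], hit["command"], hit["arg"], hit["reasons"])
    print("hosts to triage:", sorted(infected_hosts(hits)))
```

Matching on the user name alone (an empty `c2_ips` set) still catches both C2 records, which is useful when DNS logs are unavailable; matching on the destination address alone would also catch a rebuilt sample that rotated the account but kept the server.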

Targets

    • Target

      5d04f6813a1596241cd9e92b09f132f5d5792dc9d05d1987076be1764b1b5287.exe

    • Size

      1.3MB

    • MD5

      77a6968ce13da3aae320ed443558c9e8

    • SHA1

      3bda87f3f356116afb970452bee2f9f408fb463b

    • SHA256

      5d04f6813a1596241cd9e92b09f132f5d5792dc9d05d1987076be1764b1b5287

    • SHA512

      1cae3a4f757beb4ff801ecb5d4c28a48d2725d7b3163f97419e6bd16e97dfb2a8b8029184c200a829ef97729aaaa8d857495480575dd8d897ab153aec768e8fe

    • SSDEEP

      24576:85EmXFtKaL4/oFe5T9yyXYfP1ijXdaFl3MeSTXtwylJyuqyD2Eo0tC+k+6o:8PVt/LZeJbInQRaFl3MxL9pHiIt6+

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer that harvests credentials and keystrokes from the infected host and exfiltrates them over SMTP, FTP or HTTP. The configuration extracted above gives this build's FTP exfiltration server and account.

    • Agenttesla family

    • Looks up external IP address via web service

      Queries a legitimate public IP-lookup web service to learn the infected system's external IP address; the request itself is to a benign site, so it is a weak indicator on its own.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's registers, including its instruction pointer; outside debuggers it is mainly used to redirect execution in a suspended or newly created process, as in process hollowing and related injection techniques.

MITRE ATT&CK Enterprise v15

Tasks