General

  • Target

    375dd1407effccb83fbc1bb6d4e088b75f2e445f6f1e8e08d4d4fd92a04f77cc

  • Size

    234KB

  • Sample

    241115-cc5kbawhmb

  • MD5

    c51f6db8ec9bc4709f47b9e80223109f

  • SHA1

    9610eef15645c321cf80791ea4be2233ef8e4738

  • SHA256

    375dd1407effccb83fbc1bb6d4e088b75f2e445f6f1e8e08d4d4fd92a04f77cc

  • SHA512

    c66e0c88a169fa4709a72e1422c830d533df88b39a0e9f656cca68d27fe0a9fcd386e5fcdf36f9f126d408a3bfaa5b4214bdbf9a89c1280a2cff6159dcbe06f5

  • SSDEEP

    3072:m+bqGC+iGatVXob0kMktimnKvP5uV5EFci:m+bqGC+iGaPXob0k5timWcHEe

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    cp8nl.hyperhost.ua
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    7213575aceACE@#$

Targets

    • Target

      375dd1407effccb83fbc1bb6d4e088b75f2e445f6f1e8e08d4d4fd92a04f77cc

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v15