General

  • Target

    8c890dd89edf5b78c30c51d06564886e581a0815874eb39ca72aa7715ad7a5e4

  • Size

    237KB

  • Sample

    241120-bqwnwsxlaz

  • MD5

    4dab7811486551176d13741b0d486deb

  • SHA1

    31676cabc962063c5ced64f493281297cc28cc2a

  • SHA256

    8c890dd89edf5b78c30c51d06564886e581a0815874eb39ca72aa7715ad7a5e4

  • SHA512

    96bcd7df23b664e369f8b9b47622503c2ee597727822fd7530b91974fd567691b63b30b0e6453e28a03da27a88ae7d6feab03c27cf21d7925956637737e57b9a

  • SSDEEP

    3072:Blh6U+2umuqXCUFQ/AQf/erH8Q/KaMvrW5ROa34P7K:BlhB+2umu/UFQIY08mMvrA73W7

Malware Config

Extracted

Family

agenttesla

Credentials

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    cp8nl.hyperhost.ua
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    cy+G_(979n9N

Targets

    • Target

      8c890dd89edf5b78c30c51d06564886e581a0815874eb39ca72aa7715ad7a5e4

    • Size

      237KB

    • MD5

      4dab7811486551176d13741b0d486deb

    • SHA1

      31676cabc962063c5ced64f493281297cc28cc2a

    • SHA256

      8c890dd89edf5b78c30c51d06564886e581a0815874eb39ca72aa7715ad7a5e4

    • SHA512

      96bcd7df23b664e369f8b9b47622503c2ee597727822fd7530b91974fd567691b63b30b0e6453e28a03da27a88ae7d6feab03c27cf21d7925956637737e57b9a

    • SSDEEP

      3072:Blh6U+2umuqXCUFQ/AQf/erH8Q/KaMvrW5ROa34P7K:BlhB+2umu/UFQIY08mMvrA73W7

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

MITRE ATT&CK Enterprise v15

Tasks