General

  • Target

    orderanddrawings_pdf.exe

  • Size

    1.0MB

  • Sample

    241120-k84a5avgkq

  • MD5

    4726039e5f4d03f6f3f9cc0cd8d423a1

  • SHA1

    3dc80b737f67481eb0385b2a25058309c7a63989

  • SHA256

    9970fc1f94630a822d109fd53bcb3fe1ed51bd5359007e3e4f570c0f85f3a040

  • SHA512

    69487f9904d791cfe64cfeb6f7707032a843858eae747fcec5b3ca88286ce2de43e8324a9c85482c1d9353f7509ef749e7dc68775335f940e2178d8094218dd5

  • SSDEEP

    24576:6tb20pkaCqT5TBWgNQ7a7Na6KD3176FE6A:nVg5tQ7a7NatDZ6C5

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.gizemetiket.com.tr
  • Port:
    21
  • Username:
    pgizemM6
  • Password:
    giz95Ffg

Targets

    • Target

      orderanddrawings_pdf.exe

    • Size

      1.0MB

    • MD5

      4726039e5f4d03f6f3f9cc0cd8d423a1

    • SHA1

      3dc80b737f67481eb0385b2a25058309c7a63989

    • SHA256

      9970fc1f94630a822d109fd53bcb3fe1ed51bd5359007e3e4f570c0f85f3a040

    • SHA512

      69487f9904d791cfe64cfeb6f7707032a843858eae747fcec5b3ca88286ce2de43e8324a9c85482c1d9353f7509ef749e7dc68775335f940e2178d8094218dd5

    • SSDEEP

      24576:6tb20pkaCqT5TBWgNQ7a7Na6KD3176FE6A:nVg5tQ7a7NatDZ6C5

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks