General

  • Target

    a7b7c1c9960e99714eee908a8e5557561c65d13794c0d8c064f6811676a17128

  • Size

    535KB

  • Sample

    241121-bwqd3aybml

  • MD5

    cc4567c9d75a773caa877465d0dba10b

  • SHA1

    ef4c193bc4c1801188dcc570fc8b06d35c84d789

  • SHA256

    a7b7c1c9960e99714eee908a8e5557561c65d13794c0d8c064f6811676a17128

  • SHA512

    5821b62b199a01ca1e9503dbf6cfae959d93658e6b264e3dfea5ad0e8d30b9ebf554ff1f44c4485cfb30100ac569c3afa32c338b26ad8db3504c5f21fa3046ee

  • SSDEEP

    12288:sC2vUzXs6YubDEBtHY1+Xl8Ft8IaubT16/O:sC2vUzc6YUDEBt4wXl0t1aubT1

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.fosna.net
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    =A+N^@~c]~#I

Targets

    • Target

      Orden de Compra No. 78986756565344657.exe

    • Size

      1020KB

    • MD5

      ec54ec96f798986e11e21ae30143d86f

    • SHA1

      08d5f0df9b9b930df3239dd7d3708f2657c9bf7a

    • SHA256

      ee135e88c1e612f8298bbd73b83b6276e3654a1dfdbc92bfd0a58357d69ad9a3

    • SHA512

      0299e4043aa6b130a75aa6b86ce268a9be6729e0daadf6fec079a76fddaa29e1bc85c9f21c0829703ef7ffa8d138f99a8bbd3c81a0fce5d84ec6588ac3095d37

    • SSDEEP

      24576:ju6J33O0c+JY5UZ+XC0kGso6Faku/9ASEiGOLbnWY:tu0c++OCvkGs9Faku/KPLiiY

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks