General

  • Target

    c18723dfaf550c484bb8b38bcfed28f0ac84a207bb1155a5e39cf75f7224ff6d.exe

  • Size

    852KB

  • Sample

    241218-dwwbesslgn

  • MD5

    51c79a3875d045fd9636fea680d5719e

  • SHA1

    b5b196b5f40e412f8eba6cf70afe7c3446e66699

  • SHA256

    c18723dfaf550c484bb8b38bcfed28f0ac84a207bb1155a5e39cf75f7224ff6d

  • SHA512

    eb7b617220a89818e279764fe730557ca59fa273dcf886135f7fb1ff46815f5b11b1c1de78da4fc22f88f87b598f35c1a7a723779074c9379de08fbe3cbb949d

  • SSDEEP

    24576:sgyz72KGKLDlej6TOuorEjnuJ4GVq/+O:sgyzC7WpeflmnuJ4Gk2O

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6398266815:AAHsI6E2fxSDRjUIFWFTj-ZFBkT9Dm19_Mo/
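The C2 above is a Telegram Bot API endpoint, so this sample's exfiltration looks like ordinary HTTPS to api.telegram.org and is distinguishable mainly by the bot token in the URL path. The Python below is an added example, not tooling from the sandbox or from this page: it pulls the token out of proxy-style URL logs, keeps the numeric bot id as a shareable indicator and flags the Bot API methods used to push data out. The log lines and their field layout (timestamp, client, verb, URL, status) are constructed for illustration; the first two reuse the token from the extracted config above.

```python
"""Spot Telegram Bot API exfiltration in URL logs (added example, not sandbox code)."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Bot API URLs have the shape https://api.telegram.org/bot<id>:<secret>/<method>.
# The secret half is accepted loosely so trailing-slash and method variants match.
BOT_URL_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<token>\d+:[A-Za-z0-9_-]+)"
    r"(?:/(?P<method>[A-Za-z]+))?"
)

# Bot API methods an infostealer uses to push harvested data to its operator.
EXFIL_METHODS = {"senddocument", "sendmessage", "sendphoto"}


@dataclass(frozen=True)
class TelegramHit:
    client: str            # source host from the log line
    bot_id: str            # numeric half of the token; safe to share as an IOC
    method: Optional[str]  # Bot API method, None when only the base URL was hit
    exfil: bool            # True when the method is one used to send data out


def parse_bot_url(url: str) -> Optional[dict]:
    """Return token, bot id and method for a Bot API URL, or None if it is not one."""
    m = BOT_URL_RE.search(url)
    if not m:
        return None
    token = m.group("token")
    return {"token": token, "bot_id": token.split(":", 1)[0], "method": m.group("method")}


def scan_proxy_log(lines: Iterable[str]) -> List[TelegramHit]:
    """Scan whitespace-separated '<ts> <client> <verb> <url> <status>' lines."""
    hits: List[TelegramHit] = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or truncated line; skip rather than guess
        _ts, client, _verb, url = parts[:4]
        info = parse_bot_url(url)
        if info is None:
            continue
        method = info["method"]
        hits.append(TelegramHit(
            client=client,
            bot_id=info["bot_id"],
            method=method,
            exfil=(method or "").lower() in EXFIL_METHODS,
        ))
    return hits


# Constructed sample export; the token is the one from this report's config.
SAMPLE_LOG = """\
2024-12-18T03:50:01Z 10.0.0.23 GET https://api.telegram.org/bot6398266815:AAHsI6E2fxSDRjUIFWFTj-ZFBkT9Dm19_Mo/ 200
2024-12-18T03:50:02Z 10.0.0.23 POST https://api.telegram.org/bot6398266815:AAHsI6E2fxSDRjUIFWFTj-ZFBkT9Dm19_Mo/sendDocument 200
2024-12-18T03:50:05Z 10.0.0.41 GET https://web.telegram.org/k/ 200
2024-12-18T03:50:09Z 10.0.0.57 GET https://api.telegram.org/botNOTATOKEN/getMe 404
""".splitlines()

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

Matching on the token rather than on api.telegram.org as a whole keeps ordinary Telegram use out of the alert; the numeric bot id is enough to pivot on across other sightings, while the secret half is what to report to Telegram for takedown. Note the caveat that without TLS inspection a proxy sees only the host name, so the full path is available only from decrypted traffic or endpoint-collected URLs.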

Targets

    • Target

      c18723dfaf550c484bb8b38bcfed28f0ac84a207bb1155a5e39cf75f7224ff6d.exe


    • AgentTesla

      Agent Tesla is a .NET (Visual Basic .NET) information stealer and remote access tool (RAT). The configuration extracted from this sample reports to the operator through the Telegram Bot API.

    • Agenttesla family

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store account and profile data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Suspicious use of SetThreadContext

      Setting another process's thread context is the step in process hollowing where execution is redirected into injected code; legitimate software rarely calls it on a process it did not debug.
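The four "Reads ..." signatures above describe the credential stores this sample enumerates. Each one alone is noisy, because the legitimate client for a store reads the same files; what distinguishes a stealer is one process reading across several unrelated stores. The Python below is an added example, not part of this report or of any sandbox tooling: it classifies file and registry accesses against known store locations and reports any process that touches two or more categories. The event lines and their tab-separated layout are constructed; the store paths are the standard locations for WinSCP, FileZilla, Thunderbird, Outlook, Chrome and Firefox.

```python
"""Flag processes reading across several credential stores (added example)."""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Tuple

# Store locations grouped by the report's signature categories. Matched
# case-insensitively on the path tail so drive letters, user names and
# profile directory names do not matter.
STORE_PATTERNS: List[Tuple[str, "re.Pattern[str]"]] = [
    ("winscp", re.compile(r"\\Martin Prikryl\\WinSCP 2\\Sessions|\\WinSCP\.ini$", re.I)),
    ("ftp", re.compile(r"\\FileZilla\\(sitemanager|recentservers|filezilla)\.xml$", re.I)),
    ("email", re.compile(
        r"\\Thunderbird\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$"
        r"|\\Office\\[\d.]+\\Outlook\\Profiles", re.I)),
    ("browser", re.compile(
        r"\\Chrome\\User Data\\[^\\]+\\Login Data$"
        r"|\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.I)),
]


def classify(target: str) -> Optional[str]:
    """Return the store category a file or registry path belongs to, or None."""
    for category, pattern in STORE_PATTERNS:
        if pattern.search(target):
            return category
    return None


def find_harvesters(events: Iterable[str], min_categories: int = 2) -> Dict[str, List[str]]:
    """Map each process image to the sorted store categories it touched,
    keeping only images that touched at least min_categories of them.
    Event format (constructed): '<ts>\\t<image>\\t<operation>\\t<target>'."""
    seen: Dict[str, set] = defaultdict(set)
    for line in events:
        parts = line.rstrip("\n").split("\t", 3)
        if len(parts) != 4:
            continue  # malformed event; do not guess at fields
        _ts, image, _op, target = parts
        category = classify(target)
        if category:
            seen[image].add(category)
    return {img: sorted(cats) for img, cats in seen.items() if len(cats) >= min_categories}


# Constructed events. The first image is this report's sample; the others are
# the legitimate clients that normally read their own store.
SAMPLE_EXE = (r"C:\Users\victim\AppData\Local\Temp"
              r"\c18723dfaf550c484bb8b38bcfed28f0ac84a207bb1155a5e39cf75f7224ff6d.exe")
FILEZILLA = r"C:\Program Files\FileZilla FTP Client\filezilla.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
APPDATA = r"C:\Users\victim\AppData"

SAMPLE_EVENTS = [
    "\t".join(["03:50:11", SAMPLE_EXE, "RegQueryValue",
               r"HKCU\Software\Martin Prikryl\WinSCP 2\Sessions\prod-sftp\Password"]),
    "\t".join(["03:50:11", SAMPLE_EXE, "ReadFile", APPDATA + r"\Roaming\FileZilla\sitemanager.xml"]),
    "\t".join(["03:50:11", SAMPLE_EXE, "ReadFile", APPDATA + r"\Roaming\FileZilla\recentservers.xml"]),
    "\t".join(["03:50:12", SAMPLE_EXE, "ReadFile",
               APPDATA + r"\Roaming\Thunderbird\Profiles\abcd1234.default-release\logins.json"]),
    "\t".join(["03:50:12", SAMPLE_EXE, "ReadFile", APPDATA + r"\Local\Google\Chrome\User Data\Default\Login Data"]),
    "\t".join(["03:51:00", FILEZILLA, "ReadFile", APPDATA + r"\Roaming\FileZilla\sitemanager.xml"]),
    "\t".join(["03:51:30", CHROME, "ReadFile", APPDATA + r"\Local\Google\Chrome\User Data\Default\Login Data"]),
    "\t".join(["03:52:00", r"C:\Windows\explorer.exe", "ReadFile", r"C:\Users\victim\Documents\notes.txt"]),
]

if __name__ == "__main__":
    for image, categories in find_harvesters(SAMPLE_EVENTS).items():
        print(f"{image}: {', '.join(categories)}")
```

Raising min_categories to 1 turns the check into a plain store-access audit, which is useful for tuning but will list every legitimate client; the cross-category condition is what separates a stealer from FileZilla reading its own site manager. Because this sample also sets another thread's context, the image doing the reading may be a hollowed-out benign process rather than the dropped executable, so the alert should carry the parent chain as well as the image name.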

MITRE ATT&CK Enterprise v15
