General

  • Target

    ecdf5a4f4191250ddfb21f3aa6f469303680a4da7abd8fb50214cc2441e18f82

  • Size

    1.0MB

  • Sample

    241223-bses6atjh1

  • MD5

    6431d1df9cb200df2ca097335f3db551

  • SHA1

    3b45b56a7b8b2da3a63d6622d4a79eb7a9af8174

  • SHA256

    ecdf5a4f4191250ddfb21f3aa6f469303680a4da7abd8fb50214cc2441e18f82

  • SHA512

    27872010646a8fdc6a14ffdcebd066d6414ac042d77da86f111399c619cec5e9e9f4a04b1569c609ba547e1226962341457e19b99b6d7c93bf74001750aa4490

  • SSDEEP

    24576:Tu6J33O0c+JY5UZ+XC0kGso6FairsBMUjSYGWY:9u0c++OCvkGs9FaiY6U7Y

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.stingatoareincendii.ro
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    3.*RYhlG)lkA

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks