General

  • Target

    d41958cd03f3b6a5d35bfffbe5ac6433df12e1219958e7a2e6e79ccfb8c9163f

  • Size

    1005KB

  • Sample

    250124-bj2lkatpap

  • MD5

    ca278d1f75ba838c94bbcd345efaeb2a

  • SHA1

    799d4a14d169577b093cd940af3665aa74cd6e96

  • SHA256

    d41958cd03f3b6a5d35bfffbe5ac6433df12e1219958e7a2e6e79ccfb8c9163f

  • SHA512

    a3ee4b8b74b2fd1c0baa4ec4deccf6caf3348e2a250b302d7d7d2f6dc896f490e81e58159a19df9fe0b6d82e291109f9df3be79d53c8b61e5260c40d120e5cb7

  • SSDEEP

    12288:3CdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBga8T5a2N8GdM:3Cdxte/80jYLT3U1jfsWaM5a2N85EpQ

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.solucionesmexico.mx
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    dGG^ZYIxX5!B

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks