General

  • Target

    9c7e5add4dc35eca2c34ac4f1a15190015ca369a9189f3f5c8beeab29ad915de

  • Size

    24KB

  • Sample

    250704-tw3nhabn8t

  • MD5

    e107fdb39c79ff9396a3deabbc845416

  • SHA1

    1978776feeb5f09110e2985f9b245b6c7f3ddd56

  • SHA256

    9c7e5add4dc35eca2c34ac4f1a15190015ca369a9189f3f5c8beeab29ad915de

  • SHA512

    510243455e3246b4b3239f99d589f0213fa38d565541f26c8c8cbd49e47ff45f22c30cd8e854f19fe25df93219bcb5da0b6ffeb2b7b578203a7553e64ba913b1

  • SSDEEP

    384:7s84/SuxtxCH9UupuxfyU/51QoqRMylcwlbBrdDJSFAarC34MVt6O3AM+F/SiZbr:f49bxCHquef7pWBdDJcrCICt/vq9bWpo

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.j-fores.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    qx2O4n8r@GY0Y;

Extracted

Family

agenttesla

Targets

    • Target

      RFQ JI-TECH_Materials&Specification-DB700-BOQ.exe

    • Size

      41KB

    • MD5

      5b5d4fd115e415a23937df5ba616de7b

    • SHA1

      3eb1e85e9da84dd6a4b8e15944dfe9f98e7c2bdc

    • SHA256

      418b9ebf4590316ece7fdbe635e7d20d938bca664e973bd11d8974d40bc20183

    • SHA512

      fc075f4c0839bad3fa1d7d013c8382548f0710cc103a16f4b8decbe3ab7ce8bc2b4557460755dc8b4504c9543706276da548792ef97afdfea5abaf32859e12ff

    • SSDEEP

      768:1kjb27fXZOQrjom/aUwmDIDPky7o6qcr+6aJ9eZ6C:K/2jZOSoajwmkz17o6qcfs9K

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks