2020-09-25 - TROUBLE ALERT [AgentTesla] | Notion

Network

LAN segment range: 10.0.0.0/24 (10.0.0.0 through 10.0.0.255)
Domain: pascalpig.com
Domain controller: 10.0.0.10 - Pascalpig-DC
LAN segment gateway: 10.0.0.1
LAN segment broadcast address: 10.9.25.255

Alerts

Victim

10.0.0.179
ASUSTekC_34:b2:d0 (00:0c:6e:34:b2:d0)
DESKTOP-M1JC4XX (DESKTOP-M1JC4XX.pascalpig.com)
ronaldo.paccione

IOCs

File Download - jojo.exe

2020-09-24 22:41:33.462160

10.0.0.179:50066 → 198.12.66.108:80

HTTP GET /jojo.exe HTTP/1.1