General

  • Target

    c1353a19ab8fdea024ab88c43b3305e169ab791592b2a09821606eae3ed6a72c

  • Size

    865KB

  • Sample

    220415-bentxafdhn

  • MD5

    684ab5df0b0647e7854f52a7391af236

  • SHA1

    aad4ce4f9dfa09516549fa679058a2145c73da2a

  • SHA256

    c1353a19ab8fdea024ab88c43b3305e169ab791592b2a09821606eae3ed6a72c

  • SHA512

    27667b4073d88bed64c94bc17202d4eaae8f60bbbe6a59baae0968a397acc6253c59153827c961520340be30ab66754e7f0fe7ac8cd5f29dd8417dad4c4c509d

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.ausvanlines.com.au
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    smith@222
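
The extracted config above is what a responder actually acts on. The following Python is an added example, not part of this sandbox report, that turns it into checks: it compares a candidate file's digests against the four hashes listed for this sample, derives the base64 tokens the malware would send in an SMTP AUTH LOGIN exchange, and emits Suricata rules for the exfiltration mailbox host. The rule SIDs, the $HOME_NET/$EXTERNAL_NET variables and the assumption that the mail server negotiates AUTH LOGIN are mine; the redacted username is kept exactly as the page shows it.

```python
import base64
import hashlib

# Extracted config copied from the report above. The page shows the username
# redacted as "[email protected]"; it is kept that way here rather than guessed.
EXTRACTED_CONFIG = {
    "family": "agenttesla",
    "protocol": "smtp",
    "host": "mail.ausvanlines.com.au",
    "port": 587,
    "username": "[email protected]",
    "password": "smith@222",
}

# The four digests the report lists for this 865KB sample.
SAMPLE_HASHES = {
    "md5": "684ab5df0b0647e7854f52a7391af236",
    "sha1": "aad4ce4f9dfa09516549fa679058a2145c73da2a",
    "sha256": "c1353a19ab8fdea024ab88c43b3305e169ab791592b2a09821606eae3ed6a72c",
    "sha512": "27667b4073d88bed64c94bc17202d4eaae8f60bbbe6a59baae0968a397acc625"
              "3c59153827c961520340be30ab66754e7f0fe7ac8cd5f29dd8417dad4c4c509d",
}


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists for a candidate file."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_sample(data: bytes) -> bool:
    """True only if every digest of the candidate agrees with the report."""
    digests = hash_bytes(data)
    return all(digests[name] == value for name, value in SAMPLE_HASHES.items())


def smtp_auth_login_tokens(cfg: dict) -> dict:
    """Base64 tokens sent on the wire if the server negotiates AUTH LOGIN,
    which carries username and password as two separate base64 lines.
    Assumption: the .NET SmtpClient Agent Tesla uses picks LOGIN here."""
    return {field: base64.b64encode(cfg[field].encode()).decode()
            for field in ("username", "password")}


def suricata_rules(cfg: dict, sid_base: int = 9000001) -> list:
    """Emit Suricata rules for the exfil mailbox. sid_base is an assumption;
    pick a range that is free in your own ruleset."""
    host, port = cfg["host"], cfg["port"]
    pw_token = smtp_auth_login_tokens(cfg)["password"]
    msg = f"{cfg['family']} SMTP exfil"
    return [
        # Name resolution of the mailbox host; independent of TLS.
        f'alert dns $HOME_NET any -> any any (msg:"{msg} DNS lookup {host}"; '
        f'dns.query; content:"{host}"; nocase; endswith; sid:{sid_base}; rev:1;)',
        # Submission-port session upgraded to TLS and presenting the host as SNI.
        f'alert tls $HOME_NET any -> $EXTERNAL_NET {port} (msg:"{msg} TLS SNI {host}"; '
        f'tls.sni; content:"{host}"; nocase; endswith; sid:{sid_base + 1}; rev:1;)',
        # Plaintext AUTH LOGIN password line; fires only if STARTTLS was not used.
        f'alert tcp $HOME_NET any -> $EXTERNAL_NET {port} (msg:"{msg} plaintext AUTH LOGIN password"; '
        f'flow:to_server,established; content:"{pw_token}"; sid:{sid_base + 2}; rev:1;)',
    ]


if __name__ == "__main__":
    print("\n".join(suricata_rules(EXTRACTED_CONFIG)))
```

The DNS and TLS SNI rules are the dependable ones: the .NET mail client Agent Tesla builds on normally upgrades the port 587 session with STARTTLS, so the plaintext AUTH LOGIN token rule only fires when the session was not upgraded. Rotating the mailbox credentials with the hosting provider is the durable fix, since the password is already public in this report.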

Targets

    • Target

      c1353a19ab8fdea024ab88c43b3305e169ab791592b2a09821606eae3ed6a72c

    • Size

      865KB

    • MD5

      684ab5df0b0647e7854f52a7391af236

    • SHA1

      aad4ce4f9dfa09516549fa679058a2145c73da2a

    • SHA256

      c1353a19ab8fdea024ab88c43b3305e169ab791592b2a09821606eae3ed6a72c

    • SHA512

      27667b4073d88bed64c94bc17202d4eaae8f60bbbe6a59baae0968a397acc6253c59153827c961520340be30ab66754e7f0fe7ac8cd5f29dd8417dad4c4c509d

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and credential stealer, typically written in Visual Basic .NET.

    • Meta Stealer

      Meta Stealer, written in C++, steals passwords stored in browsers.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check to avoid running in certain countries.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

      Redirecting another process's thread is the classic final step of process hollowing, where a loader writes its payload into a suspended process and points the main thread at it.
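
Of the behaviours listed above, the Run key write is the one that ordinary endpoint telemetry records (Sysmon Event ID 13, RegistryEvent value set). The following Python is an added example, not part of this report, of detection logic over such events: it flags any value written under a Run/RunOnce key and raises severity when the registered program or the writing process lives in a user-writable directory, which is how a dropped stealer typically persists. The event records are constructed for illustration, and the SID, user name and paths in them are assumptions.

```python
import json
import re

# Auto-start locations: ...\Microsoft\Windows\CurrentVersion\Run, RunOnce and
# RunOnceEx, under HKCU (Sysmon logs these as HKU\<SID>\...), HKLM and the
# WOW6432Node mirror, which the regex covers because it is not anchored before
# "Microsoft".
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce|RunOnceEx)\\[^\\]+$",
    re.IGNORECASE,
)
# Directories an unprivileged user can write to; a persisted binary there is
# a stronger signal than one under Program Files.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE
)

# Constructed Sysmon-style records (assumption: fields as exported to JSON).
# The SID, user name and file paths are made up for the example.
EVENTS = [
    {"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Roaming\\svchost.exe",
     "TargetObject": "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001\\Software"
                     "\\Microsoft\\Windows\\CurrentVersion\\Run\\svchost",
     "Details": "\"C:\\Users\\user\\AppData\\Roaming\\svchost.exe\""},
    {"EventID": 13, "Image": "C:\\Program Files\\Vendor\\setup.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorAgent",
     "Details": "\"C:\\Program Files\\Vendor\\agent.exe\""},
    {"EventID": 13, "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001\\Software"
                     "\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 1, "Image": "C:\\Users\\user\\AppData\\Roaming\\svchost.exe",
     "CommandLine": "C:\\Users\\user\\AppData\\Roaming\\svchost.exe"},
]
# One JSON object per line, the shape a log shipper would deliver.
EVENT_LINES = [json.dumps(e) for e in EVENTS]


def classify(event: dict):
    """Return a finding for a Run-key value set, or None for anything else."""
    if event.get("EventID") != 13:
        return None
    target = event.get("TargetObject", "")
    if not RUN_KEY_RE.search(target):
        return None
    image, details = event.get("Image", ""), event.get("Details", "")
    # Either the program being registered or the process registering it
    # sitting in a user-writable path is the dropper pattern.
    severity = "high" if USER_WRITABLE_RE.search(details + " " + image) else "medium"
    return {"severity": severity, "value_name": target.rsplit("\\", 1)[-1],
            "image": image, "details": details}


def scan(lines):
    """Run classify over JSON-lines input and keep only the findings."""
    findings = []
    for line in lines:
        hit = classify(json.loads(line))
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for finding in scan(EVENT_LINES):
        print(finding["severity"], finding["value_name"], finding["details"])
```

Sysmon only emits Event ID 13 for keys its configuration includes, so the Run keys must be in the RegistryEvent filter for this to see anything. The country-code lookup the report notes is a registry read, which Sysmon does not log; cover that behaviour with the network indicators from the extracted config instead.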

MITRE ATT&CK Enterprise v6

Tasks