General

  • Target

    369705733b8a6e137b10e00790ef7c4a0ea1226f78166ef349dc4d87b6c6db34

  • Size

    461KB

  • Sample

    220415-bgd3gsagc4

  • MD5

    f96e23b97b1e47afa6f37bdd5cb4e16f

  • SHA1

    69dda98259275f18c45917613cd05c0e72238322

  • SHA256

    369705733b8a6e137b10e00790ef7c4a0ea1226f78166ef349dc4d87b6c6db34

  • SHA512

    e4e610423f90031705937de5da1dec1f5610277fbd8389279eb4a999c9476d47691513df54caaef83dde694713dd0afed0ba853e3d46ad711c3d0f30a16e02bd

Malware Config

Extracted

Family

agenttesla

Credentials

Targets


    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Meta Stealer

      Meta Stealer steals passwords stored in browsers and is written in C++.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks