General

  • Target

    bf19e2261ebe6c82bc30c3574d537a4ae776d4855d78af7b5c68f5c9c1bc0882

  • Size

    711KB

  • Sample

    220415-pr4yjshdej

  • MD5

    67483eb7f484cc43ad109bd69f87d3a6

  • SHA1

    ba44fdf3a2501f556ece2e8ab39fa455136fab87

  • SHA256

    bf19e2261ebe6c82bc30c3574d537a4ae776d4855d78af7b5c68f5c9c1bc0882

  • SHA512

    d187d16f643c483672ccaf44b982b4b4f0f0d6cd74b5a7e5177c1c32b84c636fa6638a13c1a8e2bee7d374f56d28411b34dbf0c7c902ddcf51e8151e36da48ef
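Before working on a sample obtained from a feed or a colleague's share, it is worth confirming that it is byte-for-byte the file this report describes. The following script is an added example (not part of the original sandbox report): it copies the four digests and the size listed above, streams a file once through all four hashers, and lists every value that disagrees. The decoy file it writes is constructed test data, and the report does not say whether "KB" means 1000 or 1024 bytes, so the size check accepts either rounding.

```python
"""Verify a local file against the digests published in the report above.

Added example; the hash values are copied from the report, everything else
(the decoy file, the helper names) is constructed for illustration.
"""
import hashlib
import hmac
import os
import tempfile

# Digests and size copied verbatim from the report's General section.
REPORT = {
    "md5": "67483eb7f484cc43ad109bd69f87d3a6",
    "sha1": "ba44fdf3a2501f556ece2e8ab39fa455136fab87",
    "sha256": "bf19e2261ebe6c82bc30c3574d537a4ae776d4855d78af7b5c68f5c9c1bc0882",
    "sha512": (
        "d187d16f643c483672ccaf44b982b4b4f0f0d6cd74b5a7e5177c1c32b84c636f"
        "a6638a13c1a8e2bee7d374f56d28411b34dbf0c7c902ddcf51e8151e36da48ef"
    ),
}
REPORT_SIZE_KB = 711
ALGOS = ("md5", "sha1", "sha256", "sha512")

# Constructed decoy content: deliberately NOT the sample, so the check fails.
DECOY_BYTES = b"MZ" + b"\x00" * 62 + b"this is not the reported sample\n"


def digests_of_bytes(data: bytes) -> dict:
    """Lowercase hex digests of an in-memory blob for every listed algorithm."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream the file once, feeding all hashers in lock-step.

    Reading chunk-wise keeps memory flat for large archives of samples."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_to_report(digests: dict, report: dict = REPORT) -> list:
    """Return (algorithm, expected, actual) for every digest that disagrees.

    hmac.compare_digest avoids early-exit string comparison; irrelevant for
    a one-off analyst check, but the right habit if this runs as a service."""
    mismatches = []
    for name in ALGOS:
        expected, actual = report[name].lower(), digests[name].lower()
        if not hmac.compare_digest(expected, actual):
            mismatches.append((name, expected, actual))
    return mismatches


def size_matches_report(size_bytes: int, report_kb: int = REPORT_SIZE_KB) -> bool:
    """Accept any size that rounds to the reported value in either 1000- or
    1024-byte kilobytes, since the report does not state which it uses."""
    return report_kb * 1000 <= size_bytes < (report_kb + 1) * 1024


def verify_file(path: str) -> list:
    """Full check: digests plus size. An empty list means the file matches."""
    problems = compare_to_report(digests_of_file(path))
    size = os.path.getsize(path)
    if not size_matches_report(size):
        problems.append(("size", f"~{REPORT_SIZE_KB}KB", f"{size} bytes"))
    return problems


def write_constructed_decoy() -> str:
    """Write the constructed decoy to a temp file and return its path."""
    fd, path = tempfile.mkstemp(prefix="decoy_", suffix=".bin")
    with os.fdopen(fd, "wb") as fh:
        fh.write(DECOY_BYTES)
    return path


if __name__ == "__main__":
    decoy = write_constructed_decoy()
    for algo, expected, actual in verify_file(decoy):
        print(f"MISMATCH {algo}: report={expected} file={actual}")
    os.unlink(decoy)
```

Run it against the real sample path instead of the decoy; an empty result from `verify_file` means every digest and the size agree with the report, and the first mismatching algorithm tells you whether you have a different file or merely a report transcription error (one digest wrong, the others right).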

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      bf19e2261ebe6c82bc30c3574d537a4ae776d4855d78af7b5c68f5c9c1bc0882

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and information stealer, originally written in Visual Basic .NET.

    • Meta Stealer

      Meta Stealer steals passwords stored in browsers; it is written in C++.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check so the sample can refuse to run on machines in certain locales.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used to redirect a suspended thread into injected code, a hallmark of process hollowing and related injection techniques.

MITRE ATT&CK Enterprise v6

Tasks