General

  • Target

    227c17af92250eb0bdf0699aa960da49.exe

  • Size

    563KB

  • Sample

    221003-jv1seaffdr

  • MD5

    227c17af92250eb0bdf0699aa960da49

  • SHA1

    d61972c27c1c527e4045b8ae02bee2cecc1f0e1c

  • SHA256

    0c62abe574a6b360a940fc43ecae0993eb52715bac6208ea56e2de5e1bc5892b

  • SHA512

    2f63af39b7f4c6e262f4ce6fa41392dcc81746562f0d3f2624ec51528450a337be02739d046dd9062e0bc81a4c1bcbecee7adecdb434b119ad708aab07acf017

  • SSDEEP

    12288:kErC2iNx04jcS2r4LRzx/T/xtznCqpTBaGNCAkQvlBhCTet:LG1/07r4fr/xt7CuUGhvhx

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/sendDocument
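The extracted C2 is not a custom server but the Telegram Bot API: the path segment after `bot` is the bot's own credential (a numeric bot id, a colon, and a secret), and `sendDocument` is the method the sample calls to upload stolen data as a file attachment. Two practical consequences for a responder: the numeric bot id is a stable pivot for hunting other samples, and the full URL must be redacted before it is pasted into tickets or shared feeds. The following Python is an added example written for this page, not code from the report or from the sandbox vendor; the proxy log format it parses (`<timestamp> <process> <http-method> <url> <status>`) and the log lines themselves are constructed for the demonstration, and the process allowlist is a hypothetical parameter a defender would fill in for their own environment.

```python
import re
from typing import List, Optional, NamedTuple, Sequence, Tuple

# Shape of the Telegram Bot API URL in the extracted config:
#   https://api.telegram.org/bot<bot_id>:<secret>/<method>
# bot_id is numeric; the secret is an opaque string of letters, digits, '_' and '-'.
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)"
)

# Bot API methods that move data out of the victim. sendDocument is the one this
# sample's config uses; sendMessage and sendPhoto are the other common exfil methods.
EXFIL_METHODS = {"sendDocument", "sendMessage", "sendPhoto"}


class TelegramC2(NamedTuple):
    bot_id: str
    secret: str
    method: str


def parse_telegram_c2(url: str) -> Optional[TelegramC2]:
    """Split a Telegram Bot API URL into bot id, secret and method; None if it is not one."""
    m = TELEGRAM_BOT_RE.search(url)
    if not m:
        return None
    return TelegramC2(m["bot_id"], m["secret"], m["method"])


def redact_token(url: str) -> str:
    """Keep the bot id (useful for pivoting) but mask the secret before the URL is shared."""
    return TELEGRAM_BOT_RE.sub(
        lambda m: f"https://api.telegram.org/bot{m['bot_id']}:<REDACTED>/{m['method']}", url
    )


def scan_proxy_log(lines: Sequence[str], allowed_processes: Sequence[str] = ()) -> List[Tuple[str, str, str]]:
    """Return (process, bot_id, method) for every request that looks like Bot API exfiltration.

    Assumed (constructed) log format: '<timestamp> <process> <http-method> <url> <status>'.
    allowed_processes is a hypothetical allowlist of binaries permitted to use the Bot API.
    """
    allowed = {p.lower() for p in allowed_processes}
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line; skip rather than crash the scan
        proc, url = parts[1], parts[3]
        c2 = parse_telegram_c2(url)
        if c2 is None or c2.method not in EXFIL_METHODS:
            continue  # not Telegram, or a read-only method such as getUpdates
        if proc.lower() in allowed:
            continue
        hits.append((proc, c2.bot_id, c2.method))
    return hits


# Constructed sample proxy log. The first line reuses the C2 URL from the report's
# extracted config; the remaining lines are invented benign traffic and noise.
SAMPLE_LOG = [
    "2022-10-03T12:01:07Z 227c17af92250eb0bdf0699aa960da49.exe POST "
    "https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/sendDocument 200",
    "2022-10-03T12:01:09Z curl.exe GET https://api.telegram.org/bot999:zzz/getUpdates 200",
    "2022-10-03T12:01:11Z monitor-bot.exe POST https://api.telegram.org/bot999:zzz/sendMessage 200",
    "2022-10-03T12:01:13Z outlook.exe GET https://outlook.office365.com/owa/ 200",
]

if __name__ == "__main__":
    for proc, bot_id, method in scan_proxy_log(SAMPLE_LOG, allowed_processes=("monitor-bot.exe",)):
        print(f"ALERT {proc} -> Telegram bot {bot_id} via {method}")
    print(redact_token(SAMPLE_LOG[0].split()[3]))
```

The scan keys on the method name rather than on the exact token because Agent Tesla operators rotate bots freely; the bot id from this report is still worth adding as a high-confidence indicator, but the behavioural match (an unexpected executable calling a Bot API `send*` method) catches the next build as well.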

Targets

    • Target

      227c17af92250eb0bdf0699aa960da49.exe

    • Size

      563KB

    • MD5

      227c17af92250eb0bdf0699aa960da49

    • SHA1

      d61972c27c1c527e4045b8ae02bee2cecc1f0e1c

    • SHA256

      0c62abe574a6b360a940fc43ecae0993eb52715bac6208ea56e2de5e1bc5892b

    • SHA512

      2f63af39b7f4c6e262f4ce6fa41392dcc81746562f0d3f2624ec51528450a337be02739d046dd9062e0bc81a4c1bcbecee7adecdb434b119ad708aab07acf017

    • SSDEEP

      12288:kErC2iNx04jcS2r4LRzx/T/xtznCqpTBaGNCAkQvlBhCTet:LG1/07r4fr/xt7CuUGhvhx

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and credential/information stealer.

    • AgentTesla payload

    • Drops file in Drivers directory

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Collection

  • Email Collection (T1114): 1

Tasks