General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.25213.3401.exe

  • Size

    1.1MB

  • Sample

    221123-r1ageach7v

  • MD5

    14033d5efab3af6dde154aeae64c7baa

  • SHA1

    07dfacdcf3bca00084d51713358b4f0b0ae1ce80

  • SHA256

    1fe08e7ba52b00e78eb445d792ee3d03648b9b90ea02902e875df4668d490ac5

  • SHA512

    73c2cd25bee150cd514332e24eec8e94075de36c4b0fc2aaa44795ad21f78b2d4fecafe6822bcd8a3957adfcd08b133118f5f5e895b7ab6de829ab35fbeab16d

  • SSDEEP

    24576:Uzlwgh/awQ2DzXq0XVGmogUn+ielIY+MKD5f+ycM3LTu/WPLnTIRD:UzlTh/d7fjVlVU+9lJbKuM3Lyunc

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      SecuriteInfo.com.Win32.PWSX-gen.25213.3401.exe

    • Size

      1.1MB

    • MD5

      14033d5efab3af6dde154aeae64c7baa

    • SHA1

      07dfacdcf3bca00084d51713358b4f0b0ae1ce80

    • SHA256

      1fe08e7ba52b00e78eb445d792ee3d03648b9b90ea02902e875df4668d490ac5

    • SHA512

      73c2cd25bee150cd514332e24eec8e94075de36c4b0fc2aaa44795ad21f78b2d4fecafe6822bcd8a3957adfcd08b133118f5f5e895b7ab6de829ab35fbeab16d

    • SSDEEP

      24576:Uzlwgh/awQ2DzXq0XVGmogUn+ielIY+MKD5f+ycM3LTu/WPLnTIRD:UzlTh/d7fjVlVU+9lJbKuM3Lyunc

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks