General

  • Target

    SecuriteInfo.com.Win32.CrypterX-gen.12100.1746.exe

  • Size

    1015KB

  • Sample

    221202-g8cxdsef5x

  • MD5

    17a3633b6f0ddc4b4429163f3469fa81

  • SHA1

    5accb3182865a75312a64e87431278f1072b81ca

  • SHA256

    be6eddee7716fd87a1ff8c8b407bc3895b6acb165ecbaec087f1ebc4914d438c

  • SHA512

    83afc20ba452faccfc1dd7620286e8bcee36ca80d24e4d8613947c2499f5bc0f9e4500b720aa299365c0fdcf4a482a693ad7bc98aad60c6c87183a659fc52a11

  • SSDEEP

    12288:MwmIyhLfp/sVfdcYjBpxInkHKnnM4gngscPUYZYq0FCblKqQjL9QzX7BIBi8pV4c:9mBhS7uIKnMTXJu6UxKLjJQ5B8pnzTx

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5676971476:AAFdGsXW8kwzXNIluAGV-a4sJ2XBy68O9WI/

Targets

    • Target

      SecuriteInfo.com.Win32.CrypterX-gen.12100.1746.exe

    • Size

      1015KB

    • MD5

      17a3633b6f0ddc4b4429163f3469fa81

    • SHA1

      5accb3182865a75312a64e87431278f1072b81ca

    • SHA256

      be6eddee7716fd87a1ff8c8b407bc3895b6acb165ecbaec087f1ebc4914d438c

    • SHA512

      83afc20ba452faccfc1dd7620286e8bcee36ca80d24e4d8613947c2499f5bc0f9e4500b720aa299365c0fdcf4a482a693ad7bc98aad60c6c87183a659fc52a11

    • SSDEEP

      12288:MwmIyhLfp/sVfdcYjBpxInkHKnnM4gngscPUYZYq0FCblKqQjL9QzX7BIBi8pV4c:9mBhS7uIKnMTXJu6UxKLjJQ5B8pnzTx

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks