General

  • Target

    d325d9ecd5d7b1e7871de63f0807aa53457f82985845a9a6a4e45c0102a9fa69

  • Size

    492KB

  • Sample

    221207-qwcwasfa62

  • MD5

    09e1a3c55cbb5301bd7fd0999cc4258b

  • SHA1

    2cd3da7a201961bf063246579b11fcbad5774994

  • SHA256

    d325d9ecd5d7b1e7871de63f0807aa53457f82985845a9a6a4e45c0102a9fa69

  • SHA512

    1b8021949803303619b91964551a72d986ac703c36c1db336c636cf529e8cf26a4161c1f382f27f33ca7675e8f9667dc4c6b0670c50d824d37083dbbadcdcbe8

  • SSDEEP

    12288:g/64ce865hvybcRrJz2nHp31swuzv8LUpIvn:gpce865U4Rtk11s1T8D/

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      d325d9ecd5d7b1e7871de63f0807aa53457f82985845a9a6a4e45c0102a9fa69

    • Size

      492KB

    • MD5

      09e1a3c55cbb5301bd7fd0999cc4258b

    • SHA1

      2cd3da7a201961bf063246579b11fcbad5774994

    • SHA256

      d325d9ecd5d7b1e7871de63f0807aa53457f82985845a9a6a4e45c0102a9fa69

    • SHA512

      1b8021949803303619b91964551a72d986ac703c36c1db336c636cf529e8cf26a4161c1f382f27f33ca7675e8f9667dc4c6b0670c50d824d37083dbbadcdcbe8

    • SSDEEP

      12288:g/64ce865hvybcRrJz2nHp31swuzv8LUpIvn:gpce865U4Rtk11s1T8D/

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks