General

  • Target

    6def904f769fe8ef1e3da3e4305fd36fc162176a

  • Size

    434KB

  • Sample

    230114-p3pyrsfe97

  • MD5

    f25a05273ba3897ae6d5211dd42bf896

  • SHA1

    6def904f769fe8ef1e3da3e4305fd36fc162176a

  • SHA256

    87e32aa4c7cdad4872573c0d62e51e9256d1c774dbdebd2cb2e706734aa69e1f

  • SHA512

    52050da9da3a70d4c39a05ebfb720998b0b98c077b6996985cce7924711389df7196da8d85e53723b24f17c311dab0551b087161283d46ba1756f6cd2d06f0a2

  • SSDEEP

    6144:uYa63eDljYsa/ahTp42vAHkp2xv/hQ8MUlEeYBbE:uYMlMsgET1vRp2VpQ8MuvYBbE

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks