General

  • Target

    Commande nr220489 E833080.exe

  • Size

    182KB

  • Sample

    230330-mrn6zsdg4w

  • MD5

    424d1c81092c76ac4c60ed4e2af71729

  • SHA1

    dff8164676c93499d9117b8c99d59f563dc603dd

  • SHA256

    cb1a95879bdec08e04762f3180ab28040288232230c0a10dfd9a9344e0fa21cb

  • SHA512

    a63edebd3716d66a1959b924d2c5b00e3e5b0897325bae2923e99568a3a66e3bcc837d8aaf48c7014cf4c0ab4974fae805a65ad98b01fd39dc2bb0c4a708daf0

  • SSDEEP

    3072:38MzDbnCWsIhhNzz05DDxz7k7K4adcywN/ivkMK0jTJj8xyIL32C0gAm6:MieObz83xPkerEat3jdjcyILGI

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6120421924:AAHfDg3lTzDUW4O1CSc9eyT6zf8UpaOZqyY/

Targets

    • Target

      Commande nr220489 E833080.exe

    • Size

      182KB

    • MD5

      424d1c81092c76ac4c60ed4e2af71729

    • SHA1

      dff8164676c93499d9117b8c99d59f563dc603dd

    • SHA256

      cb1a95879bdec08e04762f3180ab28040288232230c0a10dfd9a9344e0fa21cb

    • SHA512

      a63edebd3716d66a1959b924d2c5b00e3e5b0897325bae2923e99568a3a66e3bcc837d8aaf48c7014cf4c0ab4974fae805a65ad98b01fd39dc2bb0c4a708daf0

    • SSDEEP

      3072:38MzDbnCWsIhhNzz05DDxz7k7K4adcywN/ivkMK0jTJj8xyIL32C0gAm6:MieObz83xPkerEat3jdjcyILGI

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Collection

Email Collection

1
T1114

Tasks