General

  • Target: DE356325424_POA DHL.exe
  • Size: 210KB
  • Sample: 230331-mpe6ashc89
  • MD5: f3ee8a265451beb1f9e5b6ed6414dbb5
  • SHA1: 47afad0bc9967501152f95599677115d3b4c487a
  • SHA256: f79b975267f3d8b382e3dc5afece09fb582f4aabdde181c129d809437831b6bf
  • SHA512: 3960f3fdbdb5de42307bf4341a2a47ba3288b333b39a75d83cb683140c2a34daa6e9ea85bb4dc07dc23a6dbe40f0e7d09368c537ca0210ce3fd40e9ee8c3e1c8
  • SSDEEP: 6144:2Z8LqKUnWb964ywHDC3mU/mtgjGbhKSiI:FLqKUw96IHDARjGbwI

Malware Config

Extracted

  • Family: agenttesla
  • C2: https://api.telegram.org/bot5693068931:AAGSQSNIWDJM1FzeZVNHS020I9wVBrQdkRM/

Targets

    • Target: DE356325424_POA DHL.exe
    • Size: 210KB
    • MD5: f3ee8a265451beb1f9e5b6ed6414dbb5
    • SHA1: 47afad0bc9967501152f95599677115d3b4c487a
    • SHA256: f79b975267f3d8b382e3dc5afece09fb582f4aabdde181c129d809437831b6bf
    • SHA512: 3960f3fdbdb5de42307bf4341a2a47ba3288b333b39a75d83cb683140c2a34daa6e9ea85bb4dc07dc23a6dbe40f0e7d09368c537ca0210ce3fd40e9ee8c3e1c8
    • SSDEEP: 6144:2Z8LqKUnWb964ywHDC3mU/mtgjGbhKSiI:FLqKUw96IHDARjGbwI

    • AgentTesla
      Agent Tesla is a remote access tool (RAT) written in Visual Basic.
    • Accesses Microsoft Outlook profiles
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Collection: Email Collection, T1114 (1)

Tasks