General

  • Target

    POM21002942.exe

  • Size

    1.0MB

  • Sample

    230403-gm2nmaee4v

  • MD5

    6484dc4913b3adb16c159b7ea00ff294

  • SHA1

    9870c0cfa3aa9afa49cc996cb2e8fa89486e3f23

  • SHA256

    30272b6380cb51f1ea1c8ba3c294fe504fb80179d4ac31cfa8eb641919137eca

  • SHA512

    d467be2354ebedee7f35ab5202fc8c3fde8a56a131af2d825b8678f57983d01d7fa6b6390e12c4634fb32c011dfcccb59f17af66370e49c8af7115b3100a0461

  • SSDEEP

    12288:/VKgbTjDbjZniAWt1m8nF3p44ZUf8O6PiyywVjjZNaUXcEGQLZCD/EdptyW5QHqR:kuTjDvFiAWt1mIzDifD6PUwVX

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      POM21002942.exe

    • AgentTesla

      Agent Tesla is a .NET (Visual Basic .NET) remote access tool (RAT) and information stealer that harvests saved credentials from browsers, mail clients and other applications and exfiltrates them over SMTP, FTP or HTTP.

    • Accesses Microsoft Outlook profiles

      Reads the Outlook profile keys under HKCU\Software\Microsoft (Office\<version>\Outlook\Profiles and Windows Messaging Subsystem\Profiles), where saved mail account settings and credentials are stored.

    • Looks up external IP address via web service

      Contacts a legitimate public IP-lookup web service to learn the infected host's external IP address, which Agent Tesla includes in the victim information it exfiltrates.

    • Suspicious use of SetThreadContext

      SetThreadContext was called on a thread in another process. Together with WriteProcessMemory and ResumeThread this is the process-hollowing (RunPE) pattern: the unpacked payload is written into a suspended process and the main thread's entry point is redirected to it.
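The three behavioural signatures above can be re-derived from an API trace. The following is an added example, not Triage's signature engine or any Agent Tesla code: it scores a constructed, JSON-lines API trace (the event format, process IDs, registry paths and DNS names are all assumed) against the Outlook-profile, external-IP-lookup and SetThreadContext signatures. The report itself maps only T1114; the T1016 and T1055 mappings for the other two signatures are this example's own.

```python
"""Score a constructed API trace against the behavioural signatures in this
report. Added example: the event format below is assumed, not Triage's."""
import json
import re
from collections import defaultdict

# Registry paths holding saved Outlook account settings and credentials.
OUTLOOK_PROFILE_RE = re.compile(
    r"\\(Outlook|Windows Messaging Subsystem)\\Profiles(\\|$)", re.IGNORECASE)

# Legitimate external-IP services commonly queried by stealers at start-up.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
    "ip-api.com", "ipinfo.io", "whatismyipaddress.com",
}

# signature key -> (report signature name, ATT&CK technique; T1114 is from the
# report, T1016/T1055 are this example's mapping)
SIGNATURES = {
    "outlook_profiles": ("Accesses Microsoft Outlook profiles", "T1114"),
    "external_ip_lookup": ("Looks up external IP address via web service", "T1016"),
    "setthreadcontext": ("Suspicious use of SetThreadContext", "T1055"),
}

# Constructed trace (hypothetical pids; one stealer-like process, one benign).
SAMPLE_TRACE = r"""
{"pid": 4012, "api": "RegOpenKeyExW", "args": {"key": "HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook"}}
{"pid": 4012, "api": "RegQueryValueExW", "args": {"key": "HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", "value": "IMAP Password"}}
{"pid": 4012, "api": "DnsQuery_W", "args": {"name": "api.ipify.org"}}
{"pid": 4012, "api": "WriteProcessMemory", "args": {"target_pid": 4120}}
{"pid": 4012, "api": "SetThreadContext", "args": {"target_pid": 4120}}
{"pid": 4012, "api": "ResumeThread", "args": {"target_pid": 4120}}
{"pid": 5000, "api": "SetThreadContext", "args": {"target_pid": 5000}}
{"pid": 5000, "api": "DnsQuery_W", "args": {"name": "www.microsoft.com"}}
"""


def _host_of(args):
    """Extract a bare hostname from a DNS name or a URL argument."""
    host = (args.get("name") or args.get("url") or "").lower()
    return re.sub(r"^[a-z]+://", "", host).split("/")[0]


def score_trace(lines):
    """Return {pid: {"signatures": [...], "attack": [...]}} for pids that
    trigger at least one signature."""
    hits = defaultdict(set)      # pid -> signature keys
    written = defaultdict(set)   # pid -> pids it wrote memory into
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = json.loads(raw)
        pid, api, args = ev["pid"], ev["api"], ev.get("args", {})
        if api.startswith(("RegOpenKeyEx", "RegQueryValueEx")):
            if OUTLOOK_PROFILE_RE.search(args.get("key", "")):
                hits[pid].add("outlook_profiles")
        elif api.startswith(("DnsQuery", "getaddrinfo", "InternetOpenUrl")):
            if _host_of(args) in IP_LOOKUP_HOSTS:
                hits[pid].add("external_ip_lookup")
        elif api == "WriteProcessMemory":
            written[pid].add(args.get("target_pid"))
        elif api == "SetThreadContext":
            # Only a remote thread in a process we already wrote into counts;
            # same-process SetThreadContext (debuggers, exception handling) does not.
            target = args.get("target_pid", pid)
            if target != pid and target in written[pid]:
                hits[pid].add("setthreadcontext")
    return {
        pid: {
            "signatures": sorted(SIGNATURES[k][0] for k in keys),
            "attack": sorted({SIGNATURES[k][1] for k in keys}),
        }
        for pid, keys in hits.items()
    }


if __name__ == "__main__":
    print(json.dumps(score_trace(SAMPLE_TRACE.splitlines()), indent=2))
```

Only pid 4012 is reported: the benign process calls SetThreadContext on its own thread and resolves an ordinary hostname, so neither rule fires. Real sandbox traces name the APIs and argument fields differently, so the `startswith` prefixes and argument keys are the part to adapt.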

MITRE ATT&CK Matrix (ATT&CK v6)

  • Collection

    Email Collection (T1114): 1 matched signature

Tasks