General

  • Target

    NEW PO - 4610926543.exe

  • Size

    785KB

  • Sample

    230609-lqgj3sce81

  • MD5

    440cd930743d1b0c91c6d7396eaf23e0

  • SHA1

    f2cbcde2047dbba83c4ba61543c1a10e4286cafc

  • SHA256

    65370cfa1e08f458d53cb661cf02054d9324f155a7bbf6505b4da5c2f9492385

  • SHA512

    997d4f9e3649d6daff61b54da347e4c79e61ecc8000ce57219800db7222c7dbded6ee2a59e93f71fd1650cf1fa7ca594cb22cdb9a04ac3f6a8e21b211ee48148

  • SSDEEP

    24576:50biRoSErVxIE5+wqAWxE3YSKeE6xna9I6vfY:5y4oRrjIw3qjnReP+vfY

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      NEW PO - 4610926543.exe


    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks