General

  • Target: 1eef9f1c50a5362d4ff555b6cc5bc5df.bin
  • Size: 6KB
  • Sample: 230920-bhcaaada7y
  • MD5: 9aa0b3598b33f4fab63befd84a471068
  • SHA1: 33f1f95707db536001a3b4ec9fb6499808e118f6
  • SHA256: 82dbbd2e96ffda915fb24e4c4f74155bbe535df69ec59f2255fbe2744a0235fc
  • SHA512: 94d91cdb2cad268144c7f3c9a3d8414bd32ef3d8bb9991b9897bf1e45dbd1365d8e8cb51af9b09d39148446a881dd54b86a178e5a89c1ec0c56ff931d76e4159
  • SSDEEP: 192:zuiz6aO5Zvw11BymaA1HLOylgo8MTOyzy5OZp7Xdg9vd//:CiuaO5ZvwrBrZNOylg3KqONQx/

Malware Config

Extracted

  • Family: agenttesla

Credentials

Targets

    • Target: 420a2c200fde9d62bc040616edd62949aec77d6e39bf864602f584792fc8e867.exe
    • Size: 12KB
    • MD5: 1eef9f1c50a5362d4ff555b6cc5bc5df
    • SHA1: caa4099e942052634cea6fc2866d9652f09cf546
    • SHA256: 420a2c200fde9d62bc040616edd62949aec77d6e39bf864602f584792fc8e867
    • SHA512: 56c41cf987ba22ddac2cac9ef10e3dbadf2abd99ca0ed3510883d532cc5d1625ce50426308b8e91bd20645e3812074b31b977976646d751621dd18a92b877218
    • SSDEEP: 192:nlv0pHLdF1bvM+A4tLHwpTxHR95w0J1dZdckF+syKtieOv:d+Lxbk+A4tTyFSvsyuDO

    • AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
    • Downloads MZ/PE file
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Deletes itself
    • Executes dropped EXE
    • Accesses Microsoft Outlook profiles
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks