General

  • Target

    951f66b51f796de5f9298aa1f97c49e392083f6b570fb31df72610999fb50769.exe

  • Size

    837KB

  • Sample

    231202-lfrx3abd3v

  • MD5

    13e7ae190b0ab1250c199ac339217231

  • SHA1

    625b25670a86a8b9a7808d226919dec2a224339f

  • SHA256

    951f66b51f796de5f9298aa1f97c49e392083f6b570fb31df72610999fb50769

  • SHA512

    4eda095b17e782f4cc8ed58379d1787928e4fb32899069c48fbddc972e203c61cb93d9ffd1d7fb5220c7da3614814a75f7f42068480d707f60f1a8f11a2e438e

  • SSDEEP

    12288:yvmSJD+IFgicSDKNfGAIko3cajHh84/dUNMgBe9+hXpKm0qE+Fq:YmSJD1ZctNbIko3c684KiKhXQ2

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      951f66b51f796de5f9298aa1f97c49e392083f6b570fb31df72610999fb50769.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks