General

  • Target: 2992b737cc487bae341eee8c6b11377b5baaace7ee2904ba6e4c91c542f1a515exe.exe
  • Size: 883KB
  • Sample: 231207-x7w7mseg78
  • MD5: db1f3dcaf38e21694f56bbe0bda7f65d
  • SHA1: da91c43d51e1a2f70cd5211a88de5ed7e38efbb7
  • SHA256: 2992b737cc487bae341eee8c6b11377b5baaace7ee2904ba6e4c91c542f1a515
  • SHA512: d100b8b4b87f83f64bcfeda23e0fa077be8476ee9ec8d941332939f5824eae70fc76d037b22f3018168c185dc472f82a3ecdd906e38a62b13e451ddec6154db1
  • SSDEEP: 24576:W/Le7eGlPG3CfUWrcKh1bnTysQnjTItqb1q:Wa7eGRfdNhKAtn

Malware Config (extracted)

  • Family: agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.bezzleauto.com
  • Port:
    587
  • Username:
    Payables@bezzleauto.com
  • Password:
    Kene123456789
  • Email To:
    avril.chen@bezzleauto.com

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                 Technique                     Count  ID
  Execution              Scheduled Task/Job            1      T1053
  Persistence            Scheduled Task/Job            1      T1053
  Privilege Escalation   Scheduled Task/Job            1      T1053
  Discovery              Query Registry                1      T1012
  Discovery              System Information Discovery  2      T1082