General

  • Target

    SecuriteInfo.com.Trojan.Inject4.59820.14767.16252

  • Size

    586KB

  • Sample

    231208-pxq9msed9s

  • MD5

    b8915103e9d639e762e83cf9c8bda9a9

  • SHA1

    a9650b8e7d490e933bd05aa4539a617ed5319f03

  • SHA256

    ce18daad377673d765ae77224400740842cc31aee43a2cdb5e5ac564fbbe908d

  • SHA512

    f27fe7eb6d649fe81d8e6a64e775c8a32901161d1d4eab3bb4c525d9927e5716f015be7a72997f90b5cfbaa3daf0681fdd2d516fd7154ee42a24a4c8d1889919

  • SSDEEP

    12288:XhkZ5IbmQRzs42dKmicNLXndCwcso0vji5RqhZjhnBCnZOvbzRof:XK/IKQRIsuzZcd0v1hZjhnYn8DzRof

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks