General

  • Target

    233388d94222a924ea54604e4e2ab0d12d730cfa58c09f10070b812ef16f3d67.exe

  • Size

    827KB

  • Sample

    231208-q1jjmsaaem

  • MD5

    e381119d4028bffcdde3ee3fd19dd526

  • SHA1

    c40003854d42c7d022e0ea2bdea721709345ac81

  • SHA256

    233388d94222a924ea54604e4e2ab0d12d730cfa58c09f10070b812ef16f3d67

  • SHA512

    e071de3b23366a01ff4984a0adb414612dc9b22ffe7389d77e3beb0ccc50d6ee50832533b9fac49362e8d1d140d512a4c1df477ae96e641daa740b4cddf401a6

  • SSDEEP

    24576:7MeVvo/ndA5w80rCvFKUNCexCdM1DKGYfpBhtD/BD+:ro/ndf9rC0ezCdK9Y3BD

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      233388d94222a924ea54604e4e2ab0d12d730cfa58c09f10070b812ef16f3d67.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks