General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.29741.10451.exe

  • Size

    704KB

  • Sample

    231208-ttnrkabadl

  • MD5

    a576153b3c74a904b1f8f45092615859

  • SHA1

    7f6b01f1271c4138a4f8bf38e9543afc0cfca582

  • SHA256

    e8434c616498087ebeaa23ca1b164dc1c4ba49579d759035b3e46c0c17bd3c75

  • SHA512

    5502f1718cdacb8d21588c974955967fa56bdb1ed12e4618f3b159c1a3a514cc507a325bb67776b323c3e43c740c945111584fb9c1ada3a9a6ff39f2dffe8d69

  • SSDEEP

    12288:WEjuxvGmhyeQsIVTTcagHHG5N4MAHKGiOgHos2VAiOji8wuQ5nH:dmQeQ1VTTh6MAZ4oscghwT5n

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks