General

  • Target

    6517be0ad6c3d08f0a7643268e616400ca30fff6fef58c823d6b4c05c838b634

  • Size

    658KB

  • Sample

    231209-cjsjbsebdj

  • MD5

    b087af830bd6a458dfcb3d2f84c1d33a

  • SHA1

    0a631f914b663df5e8d8a1fce9acd6efe47d52a9

  • SHA256

    6517be0ad6c3d08f0a7643268e616400ca30fff6fef58c823d6b4c05c838b634

  • SHA512

    cce3562355f91603e135808ea89587ef4968ad5ee9f0c4aa0b2a736fe0e31174d66bd6ff2c68acfbd3219c8e71ee3791c4ff47c184150fa96e68406822b09de7

  • SSDEEP

    12288:j1hkZ5OkjA7iqT/1jeFSTz+OWNtBPL6KLlgJIn5Wn+fPEFFSfC4V:BK/SiC/1aFSMnLkJInE26ofCW
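Before analysing a copy of this sample, confirm it is the file the report describes rather than a re-packed or truncated download. The following is an added example, not part of the sandbox report: it recomputes the digests listed above and reports which ones do not match. The expected values are copied from the report; the script name and the file path argument are assumptions.

```python
"""Verify that a local file is the sample described in this report.

Added example; not part of the sandbox report. The expected values are
copied from the report above; the file path is an assumption.
"""
import hashlib
from pathlib import Path

# Hashes as listed in the report (the SHA256 doubles as the report's target name).
EXPECTED = {
    "md5": "b087af830bd6a458dfcb3d2f84c1d33a",
    "sha1": "0a631f914b663df5e8d8a1fce9acd6efe47d52a9",
    "sha256": "6517be0ad6c3d08f0a7643268e616400ca30fff6fef58c823d6b4c05c838b634",
    "sha512": "cce3562355f91603e135808ea89587ef4968ad5ee9f0c4aa0b2a736fe0e31174"
              "d66bd6ff2c68acfbd3219c8e71ee3791c4ff47c184150fa96e68406822b09de7",
}


def digests(data: bytes) -> dict:
    """Return lower-case hex digests of `data` for every algorithm in EXPECTED."""
    return {name: hashlib.new(name, data).hexdigest() for name in EXPECTED}


def verify(data: bytes, expected: dict = EXPECTED) -> list:
    """Return the names of algorithms whose digest does NOT match `expected`.

    An empty list means every listed hash matched. The comparison normalises
    case and whitespace because reports and tools differ in hex casing.
    """
    actual = digests(data)
    return sorted(name for name, want in expected.items()
                  if actual[name] != want.strip().lower())


def verify_file(path) -> list:
    """Read the file in one go (sandbox samples are small) and verify it."""
    return verify(Path(path).read_bytes())


if __name__ == "__main__":
    import sys
    # Assumed invocation: python verify_sample.py <path-to-sample>
    bad = verify_file(sys.argv[1])
    print("all hashes match" if not bad else f"mismatch: {', '.join(bad)}")
```

Checking all four digests rather than only MD5 matters here because MD5 and SHA1 collisions are practical; a match on SHA256 or SHA512 is the one that identifies the file.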

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      6517be0ad6c3d08f0a7643268e616400ca30fff6fef58c823d6b4c05c838b634

    • Size

      658KB

    • MD5

      b087af830bd6a458dfcb3d2f84c1d33a

    • SHA1

      0a631f914b663df5e8d8a1fce9acd6efe47d52a9

    • SHA256

      6517be0ad6c3d08f0a7643268e616400ca30fff6fef58c823d6b4c05c838b634

    • SHA512

      cce3562355f91603e135808ea89587ef4968ad5ee9f0c4aa0b2a736fe0e31174d66bd6ff2c68acfbd3219c8e71ee3791c4ff47c184150fa96e68406822b09de7

    • SSDEEP

      12288:j1hkZ5OkjA7iqT/1jeFSTz+OWNtBPL6KLlgJIn5Wn+fPEFFSfC4V:BK/SiC/1aFSMnLkJInE26ofCW

    • AgentTesla

      Agent Tesla is a .NET information stealer and remote access tool (RAT), typically written in Visual Basic .NET or C#. It harvests saved credentials from browsers, mail and FTP clients and exfiltrates them over channels such as SMTP, FTP, or Telegram.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check: the sample can refuse to run in locales its operator wants to avoid.

    • Suspicious use of SetThreadContext

      Rewrites the execution context of a thread in another process. This is the call process hollowing (RunPE) relies on to start injected code inside a suspended host process, but on its own it is an indicator of injection, not proof; debuggers use it legitimately.
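The SetThreadContext signature fires on a single API call, so a practitioner usually wants to see the whole sequence before calling it process hollowing. The following is an added example, not part of the sandbox report or the Triage signature set: it scans an API trace for the complete hollowing pattern (target created suspended, memory written into it, thread context rewritten, thread resumed). The trace format and the process IDs, image paths and sizes in it are constructed for the example; they are not Triage's log format or output from this sample.

```python
"""Flag the API-call sequence behind the "Suspicious use of SetThreadContext"
signature: process hollowing (RunPE), the injection technique Agent Tesla
loaders use to run the stealer inside a legitimate host process.

Added example; not part of the sandbox report. The trace format below is
constructed for the example and is not Triage's real log format.
"""
import re
from collections import defaultdict

# Constructed trace, one call per line: "<pid> <api> key=value ...".
# pid 4120 performs a full hollow of a suspended RegSvcs.exe (host name chosen
# for the example); pid 6200 only calls SetThreadContext on a running child;
# pid 7100 creates a suspended child and resumes it without writing to it.
TRACE = """\
4120 CreateProcessW image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegSvcs.exe flags=0x4 child=5008
4120 NtUnmapViewOfSection target=5008
4120 VirtualAllocEx target=5008 protect=0x40
4120 WriteProcessMemory target=5008 size=0x3a000
4120 SetThreadContext target=5008
4120 ResumeThread target=5008
6200 CreateProcessW image=C:\\Windows\\notepad.exe flags=0x0 child=6244
6200 SetThreadContext target=6244
7100 CreateProcessW image=C:\\Windows\\System32\\cmd.exe flags=0x4 child=7120
7100 ResumeThread target=7120
"""

CREATE_SUSPENDED = 0x4          # dwCreationFlags bit in CreateProcess*

LINE = re.compile(r"^(\d+) (\w+)(.*)$")


def parse(line):
    """Split one trace line into (pid, api, {arg: value}); None if malformed."""
    m = LINE.match(line)
    if not m:
        return None
    pid, api, rest = m.groups()
    args = dict(kv.split("=", 1) for kv in rest.split())
    return int(pid), api, args


def find_hollowing(trace: str) -> list:
    """Return (injector_pid, target_pid, image) for every target process that
    was created suspended, had memory written into it, had its thread context
    rewritten, and was then resumed.

    All four steps are required: SetThreadContext alone (pid 6200 in the
    constructed trace) is also used by legitimate debuggers.
    """
    state = defaultdict(dict)   # target pid -> steps observed so far
    for line in trace.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        pid, api, args = rec
        if api == "CreateProcessW":
            if int(args.get("flags", "0"), 16) & CREATE_SUSPENDED:
                tgt = int(args["child"])
                state[tgt].update(injector=pid, image=args.get("image", "?"),
                                  suspended=True)
            continue
        tgt = args.get("target")
        if tgt is None:
            continue
        tgt = int(tgt)
        if api == "WriteProcessMemory":
            state[tgt]["written"] = True
        elif api == "SetThreadContext":
            state[tgt]["context"] = True
        elif api == "ResumeThread" and state[tgt].get("suspended"):
            state[tgt]["resumed"] = True
    return [(s["injector"], tgt, s["image"])
            for tgt, s in sorted(state.items())
            if all(s.get(k) for k in ("suspended", "written", "context", "resumed"))]


if __name__ == "__main__":
    for injector, target, image in find_hollowing(TRACE):
        print(f"process hollowing: pid {injector} -> pid {target} ({image})")
```

The order of the calls is not enforced beyond "created suspended before resumed", which keeps the check robust against traces where the sandbox interleaves calls from several threads; tightening it to a strict sequence would lower false positives at the cost of missing loaders that allocate and write before the thread is fully set up.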

MITRE ATT&CK Enterprise v15

Tasks