General

  • Target

    7e597b7a940ce9fe398f5a09ea06e9c2.bin

  • Size

    885KB

  • Sample

    231210-drb2zsdch9

  • MD5

    7e597b7a940ce9fe398f5a09ea06e9c2

  • SHA1

    46fab946b897f1b804aec6183d9c60bad103e9a4

  • SHA256

    4722e9113d3f8eaa1956f990da588f8eed324bb8d5551d52bff3bf4536a6010d

  • SHA512

    354d258b9605425b5037822fbc24f17c07b83095d0f2ef9ff86d4ca6f9b0ee8bcacce7741eee1c04e3b12fd22e99ad1ccda5ffe6050c19320ba68564e8cf3c82

  • SSDEEP

    12288:r91idWEW7UN5vDnSX1zCyG/JW+50zKlDWjDS6VtgMyie2:r+YiUzCVR0FDSMtZyie2

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      7e597b7a940ce9fe398f5a09ea06e9c2.bin

    • Size

      885KB

    • MD5

      7e597b7a940ce9fe398f5a09ea06e9c2

    • SHA1

      46fab946b897f1b804aec6183d9c60bad103e9a4

    • SHA256

      4722e9113d3f8eaa1956f990da588f8eed324bb8d5551d52bff3bf4536a6010d

    • SHA512

      354d258b9605425b5037822fbc24f17c07b83095d0f2ef9ff86d4ca6f9b0ee8bcacce7741eee1c04e3b12fd22e99ad1ccda5ffe6050c19320ba68564e8cf3c82

    • SSDEEP

      12288:r91idWEW7UN5vDnSX1zCyG/JW+50zKlDWjDS6VtgMyie2:r+YiUzCVR0FDSMtZyie2

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks