General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.22416.21846.exe

  • Size

    614KB

  • Sample

    231211-lasmeaaghm

  • MD5

    534ada5dc43de51c86b758d10aa1b9ae

  • SHA1

    b3495d15c67904b4221628e99de6882e0ef5e637

  • SHA256

    b16a0aacd60385856b541ff2d1c01ea70bcaac5bb866083ca0f739268b800b50

  • SHA512

    8ceb9521201cdf925f14a5cade0535174f757a94eb7f3d5db0838e435a45375c15de76cd6e4002ee67e21a0b7648954db1bd2962f57915e98ce76593cb90748b

  • SSDEEP

    12288:u3IU8S6eUduix+CIh2c5dnY1JQWt+oCDFeEFwwPtjohbBc/X/E+2F0kKvRq:kItSAduix+CU2IYWFeXeUhtcv87yz0

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      SecuriteInfo.com.Win32.PWSX-gen.22416.21846.exe

    • Size

      614KB

    • MD5

      534ada5dc43de51c86b758d10aa1b9ae

    • SHA1

      b3495d15c67904b4221628e99de6882e0ef5e637

    • SHA256

      b16a0aacd60385856b541ff2d1c01ea70bcaac5bb866083ca0f739268b800b50

    • SHA512

      8ceb9521201cdf925f14a5cade0535174f757a94eb7f3d5db0838e435a45375c15de76cd6e4002ee67e21a0b7648954db1bd2962f57915e98ce76593cb90748b

    • SSDEEP

      12288:u3IU8S6eUduix+CIh2c5dnY1JQWt+oCDFeEFwwPtjohbBc/X/E+2F0kKvRq:kItSAduix+CU2IYWFeXeUhtcv87yz0

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks