General

  • Target

    n1KVzXM8Wk.exe

  • Size

    39KB

  • Sample

    240223-km58laed97

  • MD5

    72b14801621eb5aaee0715dfc65d8b72

  • SHA1

    2f4b2859fa8d1db18bc639622dddc5025af07c60

  • SHA256

    49022d920d3b36c58eba1f941352a936a71aaac99cdacf65a925e0dc655bd232

  • SHA512

    f4458dbf87702431e37ac9270ca80713032bcb3f014f4571637692a93fc0a03ca4079fb5141ccf9a1c908ea6e87d871101afff62ead3ecac168b583dcc79e829

  • SSDEEP

    768:Ie/nw7Mz9fldvI8rOessjPTInb69EyvWWgv5n:/UMz9fldgYOFsjPTIb69E4gv1

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Contacts a large (4500) number of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks