General

  • Target

    3431cb842330770cdcd77c7b18fb3825.bin

  • Size

    662KB

  • Sample

    240224-bv146sdg75

  • MD5

    e42b2edea7c4666757139dd56ccc0f2a

  • SHA1

    e8afe92d77bc326ab63b75a4d1e869b39cf927b5

  • SHA256

    8a2ff741ef3d1386ee89e8d84be4f2fc4fb194ac321a687e70bdcc3908edf38b

  • SHA512

    a812b5a026f8109c913c79393fdcdc0afbd0367cf0e369aa3703fe2bc42e469bbe47a11a7af1354143d8dddc7640b118f9102e9e32c0c246a511312bf7b9fe77

  • SSDEEP

    12288:tpmzmcXgznKPN/ucOja9EE1mUHi3RFxrSWpFGcpqlTyeK1JB6vh5NsS8:tPqgzmNmja95UUYEWpLMlueK1n6v5sv

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      23806e1b81a7d5e5df3861e5d451d1d4f06c27c320b7c081bd8b1ea71b790f64.exe

    • Size

      687KB

    • MD5

      3431cb842330770cdcd77c7b18fb3825

    • SHA1

      a2092b85970c2e60d0c697718516e8db18298608

    • SHA256

      23806e1b81a7d5e5df3861e5d451d1d4f06c27c320b7c081bd8b1ea71b790f64

    • SHA512

      f4dfbf95ffd52b8d413ee92b9132361b2a5ccfce3650229ac2cc67d8c66ce23104e7133ef0424c5e53c88564add291a947659e12851ffa83898507b119e5f730

    • SSDEEP

      12288:ows/3P5Ujd53Llv+7UNJksS8xrmo3P2JBIBOV8vgmeS71Ovh:cBK5hTxrBv4S71s

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests saved credentials from browsers, mail and FTP clients and exfiltrates them, typically over SMTP, FTP or HTTP, which is why the extracted config above carries a Credentials block.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence so the sample stays dormant on hosts in regions the operator excludes.

    • Looks up external IP address via web service

      Queries a legitimate public IP-lookup web service to learn the infected host's external IP address. Such services are also used by benign software, so alert on the requesting process together with the domain rather than on the domain alone.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is the step that redirects a suspended child to injected code in process hollowing. Debuggers use the same call on a process they have attached to, so the behaviour is reported as suspicious rather than malicious; the combination with a CREATE_SUSPENDED child, WriteProcessMemory and ResumeThread is what makes it meaningful.
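The three behaviours reported above can be expressed as simple signatures over an API trace. The block below is an added example written for this page, not Tria.ge's signature engine or code from the sample; the signature names are the report's own, while the trace format, the registry path used for the country check, the list of IP-lookup hosts and the sample events are assumptions constructed for illustration.

```python
"""Behaviour-signature matcher for the three sandbox findings listed above.

Added example, not Tria.ge's own signature engine. The event format, the
registry path and the IP-lookup host list are assumptions for illustration.
"""
from dataclasses import dataclass, field

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit

# Assumed list of public "what is my IP" services; grow it from your own telemetry.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
    "ip-api.com", "ipinfo.io", "checkip.amazonaws.com",
}

# Windows keeps the configured country (GeoID) under this key; assumed to be
# the value the "Checks computer location settings" signature keys on.
GEO_NATION_SUFFIX = r"\control panel\international\geo\nation"

# Registry read APIs treated as equivalent (matched case-insensitively).
REG_READ_APIS = {"regqueryvalueex", "reggetvalue", "ntqueryvaluekey"}

# Call order that makes up the classic process-hollowing chain.
HOLLOWING_CHAIN = ("CreateProcess", "WriteProcessMemory",
                   "SetThreadContext", "ResumeThread")


@dataclass
class Event:
    pid: int                 # process that issued the call
    api: str                 # API name as the monitor logged it
    args: dict = field(default_factory=dict)


@dataclass
class Finding:
    name: str
    evidence: list


def check_location_settings(events):
    """Registry read of the GeoID country value."""
    hits = [e.args.get("key") for e in events
            if e.api.lower() in REG_READ_APIS
            and e.args.get("key", "").lower().endswith(GEO_NATION_SUFFIX)]
    return Finding("Checks computer location settings", hits) if hits else None


def external_ip_lookup(events):
    """Any DNS or HTTP event aimed at a known IP-echo service."""
    hits = sorted({e.args["host"].lower() for e in events
                   if e.args.get("host", "").lower() in IP_LOOKUP_HOSTS})
    return Finding("Looks up external IP address via web service", hits) if hits else None


def _is_subsequence(needle, hay):
    """True if every item of needle appears in hay, in order (gaps allowed)."""
    it = iter(hay)
    return all(any(x == y for y in it) for x in needle)


def set_thread_context_hollowing(events):
    """SetThreadContext only counts when it closes a suspended-child chain."""
    per_child = {}  # child pid -> API names that touched it, in trace order
    for e in events:
        if e.api == "CreateProcess":
            if e.args.get("flags", 0) & CREATE_SUSPENDED:
                per_child.setdefault(e.args["child_pid"], []).append(e.api)
            continue  # a non-suspended creation starts no chain
        child = e.args.get("target_pid")
        if child in per_child:
            per_child[child].append(e.api)
    hits = [pid for pid, apis in per_child.items()
            if _is_subsequence(HOLLOWING_CHAIN, apis)]
    return Finding("Suspicious use of SetThreadContext", hits) if hits else None


def run_signatures(events):
    sigs = (check_location_settings, external_ip_lookup, set_thread_context_hollowing)
    return [f for f in (sig(events) for sig in sigs) if f]


# Constructed trace in the shape of a sandbox API log; every value is made up.
SAMPLE_TRACE = [
    Event(1234, "RegQueryValueEx",
          {"key": r"HKCU\Control Panel\International\Geo\Nation", "data": "244"}),
    Event(1234, "DnsQuery", {"host": "api.ipify.org"}),
    Event(1234, "HttpSendRequest", {"host": "api.ipify.org", "path": "/"}),
    Event(1234, "CreateProcess",
          {"image": "child.exe", "flags": CREATE_SUSPENDED, "child_pid": 5678}),
    Event(1234, "WriteProcessMemory", {"target_pid": 5678, "size": 0x9A000}),
    Event(1234, "SetThreadContext", {"target_pid": 5678}),
    Event(1234, "ResumeThread", {"target_pid": 5678}),
]

# A debugger attaching to a running process also calls SetThreadContext, but it
# never created that process suspended, so the hollowing chain must not match.
DEBUGGER_TRACE = [
    Event(100, "SetThreadContext", {"target_pid": 200}),
    Event(100, "ResumeThread", {"target_pid": 200}),
]

if __name__ == "__main__":
    for f in run_signatures(SAMPLE_TRACE):
        print(f"{f.name}: {f.evidence}")
```

The hollowing signature keys the chain on the child process rather than on the caller, so a parent that hollows several children is reported once per child, and a SetThreadContext without a preceding suspended CreateProcess (the debugger trace) produces nothing.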

MITRE ATT&CK Enterprise v15

Tasks