General

  • Target: FACTURA.exe
  • Size: 1.1MB
  • Sample: 240403-m8kj5acd6x
  • MD5: ac0e9865c24a0678d2cee67a7e91ab80
  • SHA1: 1523c2eced8c66d9996b714db621309f93617a51
  • SHA256: 6102e8a27367b379714554fc2034d631e6f0eb83b465ecb0263171c3a397b51a
  • SHA512: b72c5e8fcfac228f23f5b978a366be8e89aaf08892bbc2b745dafcea5d05101d734a655a745340e27bdf30b0939c1c938ff5f441709b64c1447c45bc145cb7d8
  • SSDEEP: 24576:1qDEvCTbMWu7rQYlBQcBiT6rprG8ajRCwb1VbtyBhKEA2Z:1TvC/MTQYxsWR7ajQwb3btkhhb

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target: FACTURA.exe
    • Size: 1.1MB


    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks