General

  • Target

    9850d360aafb1897fa5452ba024d77062e3d55cd4f3985c0b85ab1f333678e9a.exe

  • Size

    599KB

  • Sample

    240408-nwp5hsbf6w

  • MD5

    05fc8c317d930cb9a38241e2acd12b6b

  • SHA1

    8ccb99e44aab813419f4a64d07bc05c7f40067fe

  • SHA256

    9850d360aafb1897fa5452ba024d77062e3d55cd4f3985c0b85ab1f333678e9a

  • SHA512

    56d0128c721ff4cc74033c1405eefa560bd3634aab24bd07b174d219aefdf6c8c294ed8e0194840e00974e5d77035bbca062053a2f8f7b23be00cf5046df04c8

  • SSDEEP

    12288:aJH5uUobt6yZqiPuSaUQvud1mlTP9yYXkuXIxc4wJiQ8OxVHE0D:CobIyEiPuvUSuSd9yYXctcNxi0D

Malware Config

Extracted

Family

agenttesla

Credentials


  • Protocol:
    smtp
  • Host:
    email.globeauto.in
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Mohali@@1#
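The extracted configuration tells a defender exactly where the stolen data goes: a plain SMTP submission to email.globeauto.in on port 587 with an attacker-controlled mailbox. As an added example (not part of the sandbox report), the following Python flags connection records that match that host and port, and separately flags any endpoint that submits mail straight to an external server instead of through the corporate relay, since Agent Tesla samples with a different mailbox would still trip that second rule. The log records, the relay address and the internal address ranges are constructed assumptions.

```python
"""Hunt for Agent Tesla's SMTP exfiltration in connection logs.

Added example, not part of the sandbox report. The host and port come from
the extracted config above; the log records, the relay address and the
internal ranges are constructed assumptions for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Indicators from the report's extracted configuration.
EXFIL_HOST = "email.globeauto.in"
EXFIL_PORT = 587

# Assumptions: the one host allowed to send mail to the internet, and the
# address space considered internal. The "external" addresses below are
# documentation ranges (192.0.2.0/24 etc.); Python's ip_address().is_private
# reports those as private, so an explicit internal allow-list is used.
CORPORATE_RELAY = "10.0.0.25"
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SUBMISSION_PORTS = {25, 465, 587}


@dataclass
class SmtpSession:
    ts: str
    src: str
    dst: str
    dst_port: int
    dst_name: str  # server name seen in DNS / TLS SNI for dst, "-" if none


# Constructed Zeek-style records (tab separated); not real traffic.
SAMPLE_LOG = (
    "1712581200.1\t10.0.1.44\t203.0.113.10\t587\temail.globeauto.in\n"
    "1712581201.2\t10.0.0.25\t198.51.100.7\t25\tmx.example.net\n"
    "1712581202.3\t10.0.1.44\t203.0.113.10\t587\temail.globeauto.in\n"
    "1712581203.4\t10.0.1.90\t192.0.2.55\t587\tsmtp.partner.example\n"
    "1712581204.5\t10.0.1.90\t10.0.0.25\t587\t-\n"
)


def parse(log: str) -> List[SmtpSession]:
    sessions = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, name = line.split("\t")
        sessions.append(SmtpSession(ts, src, dst, int(port), name))
    return sessions


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def classify(s: SmtpSession) -> Optional[str]:
    """Verdict for a session worth alerting on, or None."""
    # Exact match on the extracted exfil server first.
    if s.dst_name.lower() == EXFIL_HOST and s.dst_port == EXFIL_PORT:
        return "known-bad: Agent Tesla SMTP exfil host"
    # Generic rule: workstations never submit mail to the internet directly.
    if (s.dst_port in SUBMISSION_PORTS and s.src != CORPORATE_RELAY
            and not is_internal(s.dst)):
        return "suspicious: endpoint submitting mail directly to the internet"
    return None


def find_exfil(log: str) -> List[Tuple[str, str, int, str]]:
    """Return (src, dst_name, dst_port, verdict) for every flagged session."""
    hits = []
    for s in parse(log):
        verdict = classify(s)
        if verdict is not None:
            hits.append((s.src, s.dst_name, s.dst_port, verdict))
    return hits


if __name__ == "__main__":
    for hit in find_exfil(SAMPLE_LOG):
        print(*hit, sep="  ")
```

The generic rule is the one that keeps paying off: the mailbox and server in a given Agent Tesla build change from campaign to campaign, but an endpoint opening port 587 to an arbitrary internet host almost never has a legitimate reason to.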

Targets

    • Target

      9850d360aafb1897fa5452ba024d77062e3d55cd4f3985c0b85ab1f333678e9a.exe

    • Size

      599KB

    • MD5

      05fc8c317d930cb9a38241e2acd12b6b

    • SHA1

      8ccb99e44aab813419f4a64d07bc05c7f40067fe

    • SHA256

      9850d360aafb1897fa5452ba024d77062e3d55cd4f3985c0b85ab1f333678e9a

    • SHA512

      56d0128c721ff4cc74033c1405eefa560bd3634aab24bd07b174d219aefdf6c8c294ed8e0194840e00974e5d77035bbca062053a2f8f7b23be00cf5046df04c8

    • SSDEEP

      12288:aJH5uUobt6yZqiPuSaUQvud1mlTP9yYXkuXIxc4wJiQ8OxVHE0D:CobIyEiPuvUSuSd9yYXctcNxi0D

    • AgentTesla

      Agent Tesla is a .NET information stealer and remote access tool (RAT), originally written in Visual Basic .NET. It harvests saved credentials and keystrokes from the victim machine and, in this configuration, exfiltrates them over SMTP using the mail account extracted above.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check before the payload runs (ATT&CK T1614, System Location Discovery).

    • Executes dropped EXE

      Runs a file the sample itself wrote to disk, typically a second stage or an unpacked copy of itself.

    • Loads dropped DLL

      Loads a library the sample wrote to disk rather than a system DLL.

    • Adds Run key to start application

      Writes a value under Software\Microsoft\Windows\CurrentVersion\Run so the payload is started again at logon (ATT&CK T1547.001).

    • Suspicious use of SetThreadContext

      Changing the thread context of another process is the step that redirects a suspended process to injected code, the pattern of process hollowing / RunPE (ATT&CK T1055.012).
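The signatures above are sandbox observations; on an endpoint they surface as separate telemetry events that have to be stitched together. As an added example (not part of the sandbox report), the following Python correlates constructed Sysmon-style events into the same chain: a dropped file executed, a Run key written, a process handle opened with the rights a hollowing loader needs before calling SetThreadContext (Sysmon does not log SetThreadContext itself, so Event 10 is the visible proxy), and an SMTP connection to the extracted exfil host. Paths, PIDs and the SID are placeholders.

```python
"""Correlate Sysmon-style events into the behaviour chain listed above.

Added example, not part of the sandbox report. The events are constructed to
mirror the listed signatures; paths, PIDs and the SID are placeholders, and
the exfil host is the one from the extracted config.
"""
from collections import defaultdict
from typing import Any, Dict, List

EXFIL_HOST = "email.globeauto.in"
SUBMISSION_PORTS = {25, 465, 587}

# Handle rights a hollowing loader needs on the target before it can write
# the payload and call SetThreadContext on the suspended main thread.
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
PROCESS_SUSPEND_RESUME = 0x0800
HOLLOWING_RIGHTS = PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_SUSPEND_RESUME

DROPPED = r"C:\Users\u\AppData\Roaming\svc\svc.exe"  # constructed path

# Constructed events. EventID: 1 ProcessCreate, 3 NetworkConnect,
# 10 ProcessAccess, 11 FileCreate, 13 RegistryValueSet.
EVENTS: List[Dict[str, Any]] = [
    {"EventID": 11, "ProcessId": 4120, "Image": r"C:\Users\u\Downloads\invoice.exe",
     "TargetFilename": DROPPED},
    {"EventID": 1, "ProcessId": 4488, "ParentProcessId": 4120, "Image": DROPPED},
    {"EventID": 13, "ProcessId": 4488, "Image": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": DROPPED},
    {"EventID": 1, "ProcessId": 4600, "ParentProcessId": 4488, "Image": DROPPED},
    {"EventID": 10, "SourceProcessId": 4488, "SourceImage": DROPPED,
     "TargetProcessId": 4600, "TargetImage": DROPPED, "GrantedAccess": "0x1FFFFF"},
    {"EventID": 3, "ProcessId": 4600, "Image": DROPPED,
     "DestinationHostname": EXFIL_HOST, "DestinationPort": 587},
    # Benign noise that must not be flagged.
    {"EventID": 1, "ProcessId": 5000, "ParentProcessId": 800,
     "Image": r"C:\Program Files\Vendor\app.exe"},
    {"EventID": 10, "SourceProcessId": 5000, "SourceImage": r"C:\Program Files\Vendor\app.exe",
     "TargetProcessId": 4, "TargetImage": "System", "GrantedAccess": "0x1000"},
]


def is_run_key(ev: Dict[str, Any]) -> bool:
    return ev["EventID"] == 13 and "\\currentversion\\run\\" in ev["TargetObject"].lower()


def is_hollowing_access(ev: Dict[str, Any]) -> bool:
    """Event 10 with all three rights a hollowing loader needs on its target."""
    if ev["EventID"] != 10:
        return False
    granted = int(ev["GrantedAccess"], 16)
    return granted & HOLLOWING_RIGHTS == HOLLOWING_RIGHTS


def correlate(events: List[Dict[str, Any]]) -> Dict[str, List[str]]:
    """Map each listed behaviour to the events that evidence it."""
    dropped = set()  # files the sample wrote, so later executions can be tied back
    findings: Dict[str, List[str]] = defaultdict(list)
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1 and ev["Image"].lower() in dropped:
            findings["Executes dropped EXE"].append(f"pid {ev['ProcessId']} {ev['Image']}")
        elif is_run_key(ev):
            findings["Adds Run key (T1547.001)"].append(ev["TargetObject"])
        elif is_hollowing_access(ev):
            findings["Process hollowing access (T1055.012)"].append(
                f"pid {ev['SourceProcessId']} -> pid {ev['TargetProcessId']}")
        elif eid == 3 and ev.get("DestinationPort") in SUBMISSION_PORTS:
            key = "SMTP exfil (T1071.003)"
            if ev.get("DestinationHostname", "").lower() == EXFIL_HOST:
                key += " to extracted C2"
            findings[key].append(
                f"pid {ev['ProcessId']} -> {ev['DestinationHostname']}:{ev['DestinationPort']}")
    return dict(findings)


if __name__ == "__main__":
    for behaviour, evidence in correlate(EVENTS).items():
        print(behaviour)
        for e in evidence:
            print("   ", e)
```

Real Sysmon Event 10 logging is noisy unless filtered by the configuration, so in practice the hollowing rule is scoped to source images outside Program Files and Windows, which is also where the dropped-EXE rule already points.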

MITRE ATT&CK Enterprise v15

Tasks