General

  • Target

    8fc5983522a6e3300574f6890d02a51c7da7143dcff9d00adfabefb9edc20fb8

  • Size

    750KB

  • Sample

    240417-rxd1esdf7x

  • MD5

    f00efa618af9535800131867973acae0

  • SHA1

    5f761d93ccd868ee2eb5cd3a0d4d547266c0f2a8

  • SHA256

    8fc5983522a6e3300574f6890d02a51c7da7143dcff9d00adfabefb9edc20fb8

  • SHA512

    41fe04f3b9cfa25ef00d64dc6db2322449445902860cb0ea0470a744ce8686b57ae2e0d227b9b6890f0e486434f44f7b7ff59ce23112211518a39c6cf9bfc5e1

  • SSDEEP

    12288:istNCWdH0Pld6EMJc/TeiNsn+T9zeZYLdCh2sQFDQ5akT6yDtCLjGL5UHW2iRDfs:ptUWmzgcNNW8AOLdCh2saQ5akT7GCiHT

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      d8286c3d02b19e69b2b8520eff324fa516dfb49320450e3858c3570871bb78ae.exe

    • Size

      781KB

    • MD5

      5b43ef2d931de1993c4248bf399c1fd8

    • SHA1

      ed608317e496b4518c80bd4cd57c8172df8cd484

    • SHA256

      d8286c3d02b19e69b2b8520eff324fa516dfb49320450e3858c3570871bb78ae

    • SHA512

      a4d31809ed1f3abc4df4f840bf6bb884470badbd00b37666536bf68c33e9cf24a712dda9e0530625256b488f69fcc381338f705d4306cbf6a5ddadc145ecd2af

    • SSDEEP

      24576:yV68yq0N46w9Bk+pO4rhiRsUVI6AMH9cx:yVsqCiDpHQR10MH

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks