General

  • Target

    fae69b134cf4349b6caaac924c73c20172e9c6768501e4b63fc386bbe5ef7205

  • Size

    771KB

  • Sample

    240427-b37lxshc8x

  • MD5

    59457f5e10d1ff4febded505f7f681e6

  • SHA1

    1be7d43317d5639bce5715c21b76c040ef185a2c

  • SHA256

    fae69b134cf4349b6caaac924c73c20172e9c6768501e4b63fc386bbe5ef7205

  • SHA512

    f943f9af4e6f2bec7cf4bd5f769059eff1d418c653325e97a96f5e5f6ca1b3251cd977d63d3cb0fbc2dce91fd16d9ecf550732b744ae50c1cadaffb538bc1fb8

  • SSDEEP

    12288:jozSA/e8HBdq2/FrhEucx4B7/BHivfrwq3tkMY0ghW7+4dqdA7i1a4aqWjbUh55j:jbgdBBppB7YbrmMYBP4+a4YynvWuSA

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      statement and invoices.exe

    • Size

      828KB

    • MD5

      7ca522120ba2f516eeabd3d3979c14eb

    • SHA1

      3da00a3e7c38b1cab49e7a443a33de11dbd642fc

    • SHA256

      9da495f395181d2188e798281ad85b82acdf6d1185c28885fe193c6c48f78a93

    • SHA512

      2eb76c682e5f86f6148750003e4b51375d7ac58e3486157b0c55da98073fb6f852fa0ef209115f0c8223e2f081df4ecff56e181af540da49fd0819a832cb73b8

    • SSDEEP

      24576:bDPjKr5BND8Vqr4MYBt7xa42c//Bs9zEi:vk5BNggrzia7c3SF

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks