General

  • Target

    SecuriteInfo.com.Win32.RATX-gen.18898.23590.exe

  • Size

    671KB

  • Sample

    240429-fypmrsbg7y

  • MD5

    fd9af8f629d0d2e3e8cc132cdff97497

  • SHA1

    1552f3db433eb345809069d011f2fb9684032738

  • SHA256

    5d2b78785f719fda04cda095b4dfb75d00440fc39ab6e52d176a74786541bdaf

  • SHA512

    227da1c0f9e83d3b0e757f269b32d617aec47990c5eb6f6787b6036951bab11f5f51051b1c56478fedc1bb8ae04de8404db5d67c437d4c5f20faa1645a77598e

  • SSDEEP

    12288:y5B778QHjEpFzOiLqWEtkHyog+rUVHwP3yu1c2b2PIfQzk3bjzgtVlHxPpoTFqph:6BBiFz7LAkHDUVQPCu132csk3zybR+TS

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      SecuriteInfo.com.Win32.RATX-gen.18898.23590.exe

    • Size

      671KB

    • MD5

      fd9af8f629d0d2e3e8cc132cdff97497

    • SHA1

      1552f3db433eb345809069d011f2fb9684032738

    • SHA256

      5d2b78785f719fda04cda095b4dfb75d00440fc39ab6e52d176a74786541bdaf

    • SHA512

      227da1c0f9e83d3b0e757f269b32d617aec47990c5eb6f6787b6036951bab11f5f51051b1c56478fedc1bb8ae04de8404db5d67c437d4c5f20faa1645a77598e

    • SSDEEP

      12288:y5B778QHjEpFzOiLqWEtkHyog+rUVHwP3yu1c2b2PIfQzk3bjzgtVlHxPpoTFqph:6BBiFz7LAkHDUVQPCu132csk3zybR+TS

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks