General

  • Target

    6f514cee068de077bc07229ba29dfc9793fbe9310fcf32ce1d1b6aabd7f2e619.zip

  • Size

    712KB

  • Sample

    240517-mwl77aef58

  • MD5

    c915f19011572440cf59001981d64899

  • SHA1

    5e4ded523a3bb019bd268d8b0d1fbfa82480b5dc

  • SHA256

    6f514cee068de077bc07229ba29dfc9793fbe9310fcf32ce1d1b6aabd7f2e619

  • SHA512

    4ba292587713b41aa21decb88bc2e825f7fbd8f08a7f153b2c3c722c7341b7c4bc4d2b770235adf174b17422474124e907e96f88a69346a8e1012de64c597b63

  • SSDEEP

    12288:yLGpAGQqtfDxBUS7ozOmbdK9CyxfSD5T+odlHFdcj9Nf4XnfUrH72MAlzIFgjzK:yZtofDxBPo6aK071T+YNFdcjUPQKV8e6

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      ODC#PO 450062895009857465432356787576567446333.exe

    • Size

      817KB

    • MD5

      62297cab0c2c0b44b799947a9c36bfbb

    • SHA1

      122ba3bd9b3e7b5532e41e87767872ea204127a4

    • SHA256

      e13c9eec73a4dd42fb201af59b3b2b1ba81a7ac7b16864f9e336953bbd4bece5

    • SHA512

      14ff801c9a76f4cf296813180b26d4f4e348ad46b8d3356d605f36b59433ab9b444a98a6c9b100a9c08f0cbcbbb824bdc14b2bccaa7a68325684fde47a93d095

    • SSDEEP

      24576:A8lwJSNITf1zB5LgfTqADF3cjyhOL+wY3U:LlmaID5LgfTqADFqawEU

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks