General

  • Target

    645a3812f159bc9a5bb58ccc5d507ea03ace7819b8f7bb45156f3e3b48f7e607.exe

  • Size

    403KB

  • Sample

    240518-larecadc7v

  • MD5

    a31aa0b68415520dba9357caa5f77756

  • SHA1

    a4e034c9f78a3032788e97677635e84e1bcd0170

  • SHA256

    645a3812f159bc9a5bb58ccc5d507ea03ace7819b8f7bb45156f3e3b48f7e607

  • SHA512

    9c5844eff53227e99bdbc52fac5e62e85952aa4e58516f85f1c2e211984936195f41784b305c5c8267880f9cbb3adcb09dedc4d3d1a9c7c4212e6cc8a52b5db7

  • SSDEEP

    1536:4Y8lD5pvVORG695kJtwCeZ746DyQbhp/w7FVQ7qPpqOLy0uyL+fh:aHpvriaJr2YQbhtwRmYuyc
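The hashes above identify the sample; before trusting this report against a file you hold, recompute them. The script below is an added example (not part of the sandbox report and not vendor tooling): it streams a file through the four digests the report lists and compares each against the published value. The only assumption is that the sample is on disk under its SHA256 name, as in the report; SSDEEP is left out because it needs a third-party library.

```python
"""Verify a local sample against the hashes published in the report above.

Added example, not part of the original sandbox report. Assumes the sample sits
on disk under its SHA256 name; ssdeep is not computed here because it needs a
third-party library.
"""
import hashlib
from pathlib import Path

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digest values copied from the report above; the file name is the SHA256.
REPORTED = {
    "md5": "a31aa0b68415520dba9357caa5f77756",
    "sha1": "a4e034c9f78a3032788e97677635e84e1bcd0170",
    "sha256": "645a3812f159bc9a5bb58ccc5d507ea03ace7819b8f7bb45156f3e3b48f7e607",
    "sha512": "9c5844eff53227e99bdbc52fac5e62e85952aa4e58516f85f1c2e211984936195f41784b305c5c8267880f9cbb3adcb09dedc4d3d1a9c7c4212e6cc8a52b5db7",
}
SAMPLE_NAME = REPORTED["sha256"] + ".exe"


def digest_bytes(data: bytes) -> dict:
    """Lowercase hex digests of an in-memory buffer for the four report algorithms."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hashers at once so a large sample is read only
    once and never has to fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(observed: dict, expected: dict) -> dict:
    """Map each algorithm to True when observed and expected digests agree.
    Case-insensitive, because reports and tools differ in hex casing."""
    return {
        name: observed.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def verify_sample(path, expected: dict = REPORTED) -> bool:
    """True only when every published digest matches. A single mismatch means the
    file is not the sample this report describes (a repacked or different build
    will differ in all four; a truncated download typically differs in all four too)."""
    return all(compare(digest_file(path), expected).values())


if __name__ == "__main__":
    sample = Path(SAMPLE_NAME)
    if sample.exists():
        for algo, ok in compare(digest_file(sample), REPORTED).items():
            print(f"{algo:7s} {'match' if ok else 'MISMATCH'}")
    else:
        print(f"{SAMPLE_NAME} not found; nothing to verify")
```

Run it in the directory holding the sample; any MISMATCH line means the behaviour and configuration sections below should not be assumed to apply to the file you have.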

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      645a3812f159bc9a5bb58ccc5d507ea03ace7819b8f7bb45156f3e3b48f7e607.exe


    • AgentTesla

      Agent Tesla is a .NET-based information stealer and remote access tool (RAT), commonly written in Visual Basic .NET.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state, including its instruction pointer; outside debuggers it is characteristic of process hollowing and similar code injection into another process.
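The "Looks up external IP address via web service" behaviour is one of the few network indicators this report gives, and it is cheap to hunt for in proxy or DNS telemetry. The following is an added example, not part of the report and not sandbox-vendor code: it runs over a constructed proxy log (the format and lines are made up for illustration) and flags requests to public "what is my IP" services that did not come from a browser. The service list and the browser allowlist are assumptions, not data from the report.

```python
"""Flag external-IP lookups by non-browser processes in a proxy log.

Added example, not part of the original sandbox report. The log format, the
sample lines, the service list and the browser allowlist are all constructed
or assumed for illustration.
"""
import re

# Public IP-lookup services commonly abused by stealers (assumed list, not from the report).
IP_LOOKUP_HOSTS = {
    "api.ipify.org",
    "checkip.dyndns.org",
    "icanhazip.com",
    "ip-api.com",
    "ifconfig.me",
    "ipinfo.io",
    "whatismyipaddress.com",
    "myexternalip.com",
}

# Processes for which an IP lookup is plausibly user-driven (assumed allowlist).
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed proxy log format: timestamp client process method host[/path]
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<proc>\S+) (?P<method>[A-Z]+) "
    r"(?P<host>[^ /]+)(?P<path>/\S*)?$"
)

# Constructed sample log lines; hostnames and process names are illustrative.
SAMPLE_LOG = """\
2024-05-18T10:01:02Z WS-042 chrome.exe GET www.example.com/
2024-05-18T10:01:07Z WS-042 chrome.exe GET whatismyipaddress.com/
2024-05-18T10:03:11Z WS-042 svchost.exe GET api.ipify.org/
2024-05-18T10:03:12Z WS-042 svchost.exe POST smtp.example.net/
2024-05-18T10:04:40Z WS-077 outlook.exe GET outlook.office365.com/owa
2024-05-18T10:05:55Z WS-077 Invoice.exe GET checkip.dyndns.org/
"""


def parse_line(line: str):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_ip_lookup(host: str) -> bool:
    """True for a listed service or any subdomain of it; case and trailing dot ignored."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in IP_LOOKUP_HOSTS)


def find_ip_lookups(log_text: str, allow_procs=BROWSERS):
    """Return (client, process, host) for IP-lookup requests from non-allowlisted
    processes. Browser-originated lookups are dropped to cut noise: a user opening
    whatismyipaddress.com is not an indicator on its own, but svchost.exe or an
    'Invoice.exe' doing it right after execution is worth a look."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or not is_ip_lookup(rec["host"]):
            continue
        if rec["proc"].lower() in allow_procs:
            continue
        hits.append((rec["client"], rec["proc"], rec["host"].lower()))
    return hits


if __name__ == "__main__":
    for client, proc, host in find_ip_lookups(SAMPLE_LOG):
        print(f"{client}: {proc} queried {host}")
```

The same matching works on Sysmon DNS query events (Event ID 22) if you map QueryName to `host` and Image to `proc`; a process-level source is preferable to a proxy log because the originating process is what separates the stealer from a curious user.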

MITRE ATT&CK Enterprise v15

Tasks