General

  • Target

    cbf0411886b4367a9fb71a8822c4b258a8dc7641de783dea7ff89b91eba7922f

  • Size

    1.0MB

  • Sample

    240519-bklazaad4w

  • MD5

    9bd835de046c6820faa61c12f5ccfd01

  • SHA1

    7f7e3726c785b42965b948ab9b652fad91f4a8e9

  • SHA256

    cbf0411886b4367a9fb71a8822c4b258a8dc7641de783dea7ff89b91eba7922f

  • SHA512

    af0770dc98b24dc7c977e82f2b058ca0dc373a4a4f776b6f5e75706788384e860f3d5c4fc80154646656dd64c0707df4bd076942c243c066f67a713d43352fb8

  • SSDEEP

    24576:9AHnh+eWsN3skA4RV1Hom2KXMmHaitC+YwoZgwi5:ch+ZkldoPK8YaiEsoZg1

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      cbf0411886b4367a9fb71a8822c4b258a8dc7641de783dea7ff89b91eba7922f

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks