General

  • Target

    bd7e5c87f49602b8510f3f2bdc4b54d0f3a0c36a8712b0e823d6eeb640c6ee0b

  • Size

    1023KB

  • Sample

    240519-bmwvgsaf2v

  • MD5

    4562898670e9e060dc9a403ff6f00d38

  • SHA1

    a66018fa370732433ab2b131101b9750d3065a32

  • SHA256

    bd7e5c87f49602b8510f3f2bdc4b54d0f3a0c36a8712b0e823d6eeb640c6ee0b

  • SHA512

    265465649a654574df54a5a0ef925b1a00ffa7dbcf2f2e0ee1852866b755fa2e096c0abaab9ede80d7bb4fc8873a03599fc0ff7acf1aace61d5d52e680e9beee

  • SSDEEP

    24576:AbDG+hkszyqFaciQSQ+HEoT4O+g1oyTNuivUibF:IG+h9O0mQX6EI+KoMzMibF

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks