General

  • Target

    75c221ba937ac5b43e8e44d0e5e311bf7ad7105df44a7b09e073a224e9a7c3a3.exe

  • Size

    1.0MB

  • Sample

    240519-bvyn2sbb8z

  • MD5

    707ff5d813d814fa2989bd8a4664258f

  • SHA1

    393439231f83ecbe9aa6a81e74b460e7b7f217a5

  • SHA256

    75c221ba937ac5b43e8e44d0e5e311bf7ad7105df44a7b09e073a224e9a7c3a3

  • SHA512

    34565d6f74de5f97045afe56aa1d612dc11f02b374a37ae769439984c0a04ecfd748813c081445336d63eaca3eba9a9250d618cdc7b0fa153612faf1187ab3e8

  • SSDEEP

    24576:8RUNoVV7+21VERgf/UWgQwoM4tKFMkzl/5A9:8Wqr7++SWf/UW3wNrFzzla9

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      75c221ba937ac5b43e8e44d0e5e311bf7ad7105df44a7b09e073a224e9a7c3a3.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • UAC bypass

    • Windows security bypass

    • Detects packed .NET executables. Mostly AgentTeslaV4.

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects executables packed with or using KoiVM.

    • Detects executables referencing Windows vault credential objects. Observed in information stealers.

    • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers.

    • Detects executables referencing many email and collaboration clients. Observed in information stealers.

    • Detects executables referencing many file transfer clients. Observed in information stealers.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks