General

  • Target

    165b5c3138801714eac7bc3f21f48adcdf2974931f611c9297de06064f8f96aa

  • Size

    1.1MB

  • Sample

    240521-br35csea51

  • MD5

    35c7b17806d7bf19b876494331facdc2

  • SHA1

    e329a04ca002bba4035156d0ede400ac76da3ff9

  • SHA256

    165b5c3138801714eac7bc3f21f48adcdf2974931f611c9297de06064f8f96aa

  • SHA512

    87e6df241de0b6bff063dc13e4017d61eacf539a3fff1a56168d2881fcac120ecd5bb985f8a91f7e75d4dbbdeb2561e930a4e3e5b1efeebeebbd02aa47b3047d

  • SSDEEP

    24576:KUYVW+vMHWCbBmvkFRdtdrzJXfHdzU/GZa4fsIchjz2X7ZD2Kcl:8JLCbBisdDrzcI6P/I7ZSKcl

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      165b5c3138801714eac7bc3f21f48adcdf2974931f611c9297de06064f8f96aa

    • Size

      1.1MB

    • MD5

      35c7b17806d7bf19b876494331facdc2

    • SHA1

      e329a04ca002bba4035156d0ede400ac76da3ff9

    • SHA256

      165b5c3138801714eac7bc3f21f48adcdf2974931f611c9297de06064f8f96aa

    • SHA512

      87e6df241de0b6bff063dc13e4017d61eacf539a3fff1a56168d2881fcac120ecd5bb985f8a91f7e75d4dbbdeb2561e930a4e3e5b1efeebeebbd02aa47b3047d

    • SSDEEP

      24576:KUYVW+vMHWCbBmvkFRdtdrzJXfHdzU/GZa4fsIchjz2X7ZD2Kcl:8JLCbBisdDrzcI6P/I7ZSKcl

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks