General

  • Target

    11baaace8d136b7c77dbe47a6e66d9da412b1d6020e4a7bd1b8eccdff3424a80

  • Size

    1.4MB

  • Sample

    240521-bval8adg38

  • MD5

    572df159d11e54a0e98ac0f622de3f61

  • SHA1

    ab999fff67ebef6ce8a28607c9e273241354980d

  • SHA256

    11baaace8d136b7c77dbe47a6e66d9da412b1d6020e4a7bd1b8eccdff3424a80

  • SHA512

    2379f7c2aa1b54c77776242d17d7bb94f2d9a371eec3c6f7900bc696b0d607667c3bad12432a3e25259668bbb7abcc67bff70058629dc131686274916076dcd1

  • SSDEEP

    24576:M5XHaceSJ8PaarB9qthRXxQj3I/SytHZJIB2WnImD7Pj8FQOE/ikAaJB2Xg/S:YAzaAohRXxQj4KyFZa2WnN7Pj6yikAAE

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6504306102:AAE5nOKaRhW2-ZDPf7N53z1hTC08pRoLsyw/

Targets

    • Target

      11baaace8d136b7c77dbe47a6e66d9da412b1d6020e4a7bd1b8eccdff3424a80

    • Size

      1.4MB

    • MD5

      572df159d11e54a0e98ac0f622de3f61

    • SHA1

      ab999fff67ebef6ce8a28607c9e273241354980d

    • SHA256

      11baaace8d136b7c77dbe47a6e66d9da412b1d6020e4a7bd1b8eccdff3424a80

    • SHA512

      2379f7c2aa1b54c77776242d17d7bb94f2d9a371eec3c6f7900bc696b0d607667c3bad12432a3e25259668bbb7abcc67bff70058629dc131686274916076dcd1

    • SSDEEP

      24576:M5XHaceSJ8PaarB9qthRXxQj3I/SytHZJIB2WnImD7Pj8FQOE/ikAaJB2Xg/S:YAzaAohRXxQj4KyFZa2WnN7Pj6yikAAE

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and credential stealer written in Visual Basic .NET.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register set, including its instruction pointer. Calling it on a suspended thread of another process is the usual final step of process hollowing, redirecting that thread into injected code.
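
The two network behaviours this report records, the Telegram Bot API C2 from the Malware Config section and the external IP lookup, can be correlated into a detection. The script below is an added example, not part of the sandbox report or of the malware family's own code: it parses constructed proxy log lines, groups them per process, and flags a process that talks to api.telegram.org/bot<token>/, escalating when the token matches this report's C2 or when the same process also queried an IP-lookup service. The key=value log format, the list of IP-lookup hostnames, the sample lines and the second bot token are hypothetical; the only real indicator is the token taken from the C2 URL above.

```python
"""Correlate proxy logs for the AgentTesla pattern: IP lookup, then Telegram Bot API C2."""
import re
from urllib.parse import urlsplit

# Telegram Bot API URLs look like https://api.telegram.org/bot<id>:<secret>/<method>.
# The bot id is numeric, the secret is 35 chars of [A-Za-z0-9_-]; the method part
# (sendDocument, sendMessage, ...) is optional so the bare C2 URL from this report matches.
TELEGRAM_BOT_RE = re.compile(r"^/bot(\d{6,12}:[A-Za-z0-9_-]{35})(?:/(\w+))?")

# The single C2 listed in this report's "Malware Config" section.
KNOWN_C2_TOKENS = {"6504306102:AAE5nOKaRhW2-ZDPf7N53z1hTC08pRoLsyw"}

# Assumption: public "what is my IP" services. The report only says "a legitimate
# IP lookup service"; extend this set from your own telemetry.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
                   "ifconfig.me", "ip-api.com"}

# Assumption: a hypothetical key=value proxy log format chosen for this example.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) pid=(?P<pid>\d+) image=(?P<image>\S+) "
    r"method=(?P<method>[A-Z]+) url=(?P<url>\S+)$"
)

# Constructed sample lines (not real telemetry). The second bot token is made up.
SAMPLE_LOG = r"""
2024-05-21T10:00:01Z host=WS01 pid=4412 image=C:\Users\jdoe\AppData\Roaming\svchost.exe method=GET url=http://checkip.dyndns.org/
2024-05-21T10:00:03Z host=WS01 pid=4412 image=C:\Users\jdoe\AppData\Roaming\svchost.exe method=POST url=https://api.telegram.org/bot6504306102:AAE5nOKaRhW2-ZDPf7N53z1hTC08pRoLsyw/sendDocument
2024-05-21T10:01:10Z host=WS02 pid=2200 image=C:\Users\jdoe\AppData\Local\Google\Chrome\Application\chrome.exe method=GET url=https://www.example.com/
2024-05-21T10:02:45Z host=SRV01 pid=900 image=C:\Tools\monitor.exe method=POST url=https://api.telegram.org/bot1234567890:AAHypotheticalTokenForExample_00000/sendMessage
"""


def parse_bot_token(url):
    """Return (token, api_method) if url is a Telegram Bot API call, else None."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = TELEGRAM_BOT_RE.match(parts.path)
    if not m:
        return None
    return m.group(1), m.group(2)


def is_ip_lookup(url):
    """True when the URL's host is one of the known external-IP lookup services."""
    host = urlsplit(url).hostname
    return host is not None and host.lower() in IP_LOOKUP_HOSTS


def correlate(lines):
    """Group log events per (host, pid); report processes using the Telegram Bot API."""
    per_proc = {}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip unparsable lines instead of failing the whole run
        key = (m["host"], int(m["pid"]))
        state = per_proc.setdefault(
            key, {"image": m["image"], "ip_lookup": False, "bot_tokens": [], "api_methods": []})
        if is_ip_lookup(m["url"]):
            state["ip_lookup"] = True
        hit = parse_bot_token(m["url"])
        if hit:
            token, api_method = hit
            if token not in state["bot_tokens"]:
                state["bot_tokens"].append(token)
            if api_method and api_method not in state["api_methods"]:
                state["api_methods"].append(api_method)

    findings = []
    for (host, pid), state in per_proc.items():
        if not state["bot_tokens"]:
            continue  # Bot API traffic is the anchor; an IP lookup alone is too noisy to alert on
        if any(t in KNOWN_C2_TOKENS for t in state["bot_tokens"]):
            verdict = "known_c2"          # token from this report
        elif state["ip_lookup"]:
            verdict = "beacon_pattern"    # IP lookup + Bot API from one process
        else:
            verdict = "telegram_bot_api"  # unknown bot, review the image path
        findings.append({"host": host, "pid": pid, "verdict": verdict, **state})
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG.splitlines()):
        print(f"{f['verdict']:<17} {f['host']} pid={f['pid']} {f['image']} tokens={f['bot_tokens']}")
```

The bot token travels in the URL path, so a proxy or TLS-inspecting sensor sees it in full; the numeric part before the colon is the bot id and is a stable pivot across samples that reuse the same bot. Because api.telegram.org is a legitimate service, the process image is what separates a stealer from a monitoring script that posts alerts, which is why the verdict for an unknown token is left at "review".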

MITRE ATT&CK Matrix

Tasks