General

  • Target

    c075f176b8b22e58f075616a4f8cdc8bda29190b9799b70a1ec072aee95d4c54

  • Size

    535KB

  • Sample

    240523-cxzjssag63

  • MD5

    a9239e394b0d873e78af4d427adba27b

  • SHA1

    29012f648fb42e7e532467a77a0b4f6a83404527

  • SHA256

    c075f176b8b22e58f075616a4f8cdc8bda29190b9799b70a1ec072aee95d4c54

  • SHA512

    64d32b342b2e39a66408df95b5df569dd900e4c5dbaea92db450220fb2cb09e1b1cf12d60e6e29faa2f9a82232261c7cc308bb2741e3471a784962ee6cc8859f

  • SSDEEP

    12288:VYV6MorX7qzuC3QHO9FQVHPF51jgcxqLbJd3OwnBrhGlbL:KBXu9HGaVHYJ9XJGf

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks