General

  • Target

    514266ecbe03893240e9d85f2d3ffdecc2ab09f1ac35cc312ee4112e02d24fe3.xlsx

  • Size

    14KB

  • Sample

    240523-q1xfhadc98

  • MD5

    b21f485299919357e9a90b9ab275d23a

  • SHA1

    f70d73fd6646a872428f9082549aebfad445d371

  • SHA256

    514266ecbe03893240e9d85f2d3ffdecc2ab09f1ac35cc312ee4112e02d24fe3

  • SHA512

    fb0e94219af45c5c8fe599b74dd139564b885a842c999bd2422d658a12d74446fface38235902493c9b7bff576226e55dd21d1b149645d868479739842b57034

  • SSDEEP

    384:P4+dXIZwO4vs7zR9IoFTbBgaWab88citqhkA6:g+lIYgIoFTbdWao8/qhkA6

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      514266ecbe03893240e9d85f2d3ffdecc2ab09f1ac35cc312ee4112e02d24fe3.xlsx

    • Size

      14KB

    • MD5

      b21f485299919357e9a90b9ab275d23a

    • SHA1

      f70d73fd6646a872428f9082549aebfad445d371

    • SHA256

      514266ecbe03893240e9d85f2d3ffdecc2ab09f1ac35cc312ee4112e02d24fe3

    • SHA512

      fb0e94219af45c5c8fe599b74dd139564b885a842c999bd2422d658a12d74446fface38235902493c9b7bff576226e55dd21d1b149645d868479739842b57034

    • SSDEEP

      384:P4+dXIZwO4vs7zR9IoFTbBgaWab88citqhkA6:g+lIYgIoFTbdWao8/qhkA6

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks