General

  • Target

    d966d9141e6f7648149e38012fc8bcdb9734247521b82922bb354243805dcf39.exe

  • Size

    677KB

  • Sample

    240601-w1brpabf47

  • MD5

    570e9b4a9ab96322ea6062acd5f68a90

  • SHA1

    713f9ec3d66a473234eecb9895ec6dfc103e165c

  • SHA256

    d966d9141e6f7648149e38012fc8bcdb9734247521b82922bb354243805dcf39

  • SHA512

    21130539ea010e55bbc3f31b33e8582a776f187172dbf39abb60f5c7076d00004eb34a41d95dca68e8d548b766158c70734ed9a0407badd3e67b69ea5295e37d

  • SSDEEP

    12288:9DR+RDgHCN1ZB4PNRECO8+dInETxDG5CmtwPqv3q5+mFl5FQZA:nIDgq1ZB40pdIKOWPqSu

Malware Config

Extracted

Family

agenttesla

Credentials

Targets


    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks