General

  • Target: file.xe.exe
  • Size: 258KB
  • Sample: 240603-hj7wxagd55
  • MD5: 9916f832489d7b77c8fe907d137e3ee4
  • SHA1: 6b5a82f007006c3cd052e3bb78958aee0bd2b0f8
  • SHA256: e1457bcac74924e36c146710904fa20870b8c7134c911c94bdc8131f3d4b14db
  • SHA512: b102590663b10885be2e70adc158948b654d93ae39732ea8cdc71c626f0d582e677e9003ccfc86e00b5b5b7c070dd3358d33274114e85ca3f91867af915a40d9
  • SSDEEP: 3072:UVPWsME5CVuLoaJubD/4gU0HlSpZpao1+fhohP5VRlZArZF2eG/Zvo2dnSSvw4G0:CPnDTgUYSt5BZJZgO

Malware Config

Extracted

Family: agenttesla

C2: https://api.telegram.org/bot6964521282:AAFATiXXOD1QQSc4bxFkZcgVAEKJ0TIOH5w/

Targets

    • Target: file.xe.exe
    • Size: 258KB
    • MD5: 9916f832489d7b77c8fe907d137e3ee4
    • SHA1: 6b5a82f007006c3cd052e3bb78958aee0bd2b0f8
    • SHA256: e1457bcac74924e36c146710904fa20870b8c7134c911c94bdc8131f3d4b14db
    • SHA512: b102590663b10885be2e70adc158948b654d93ae39732ea8cdc71c626f0d582e677e9003ccfc86e00b5b5b7c070dd3358d33274114e85ca3f91867af915a40d9
    • SSDEEP: 3072:UVPWsME5CVuLoaJubD/4gU0HlSpZpao1+fhohP5VRlZArZF2eG/Zvo2dnSSvw4G0:CPnDTgUYSt5BZJZgO

    • AgentTesla
      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks