General

  • Target

    PO10-02082.exe

  • Size

    1.2MB

  • Sample

    240603-hks45sfc4x

  • MD5

    841b7226973d5905c47d0e8be08726ef

  • SHA1

    47bc2b758e151d2c0b54d04a3143e62e3b5453c8

  • SHA256

    5e8375112fb300e9eb4c7bc2d53c2577f60a319813d199814ff316ac88777650

  • SHA512

    55d5958cf7937c55764fb7848c49e94422cd62e5faa4ea959877b468ea5f67e98ae6953d2036c32fbe15566c90f55f0d02176df8d35f8e397bebad7ce9205d30

  • SSDEEP

    24576:GAHnh+eWsN3skA4RV1Hom2KXMmHarmYVXk8p85:hh+ZkldoPK8YarrtU

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6979498858:AAECq2B31MrnKIQo8rrCWW1pczfrEtn7hPQ/

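The extracted C2 is a Telegram Bot API URL, so the bot token in the path is itself the indicator: every exfiltration request the sample makes carries it. The following Python is an added example, not part of the sandbox report or of the Agent Tesla sample, that parses that URL into a host / bot-id / secret indicator and runs it over proxy log lines. The log format, the source IPs and the second bot token are constructed for the illustration and are not from the report.

```python
"""Added example (not from the sandbox report): turn the extracted Telegram
Bot API C2 URL into a network indicator and hunt for it in proxy logs."""
import re
from urllib.parse import urlsplit

# C2 URL exactly as extracted from the sample by the sandbox.
C2_URL = "https://api.telegram.org/bot6979498858:AAECq2B31MrnKIQo8rrCWW1pczfrEtn7hPQ/"

# Bot API paths look like /bot<bot_id>:<secret>/<method>; bot_id is the bot's
# numeric id and secret is the token that authenticates to it.
BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/?(?P<method>[A-Za-z]*)"
)

# Constructed proxy log (assumption: "<ts> <src> <method> <target> <status>").
# Line 3 is what a TLS-inspecting proxy records; line 2 is all a plain proxy
# sees for the same connection. The token on line 4 is made up.
LOG = """\
2024-06-03T08:41:12Z 10.0.0.15 GET https://www.example.com/ 200
2024-06-03T08:41:19Z 10.0.0.15 CONNECT api.telegram.org:443 200
2024-06-03T08:41:20Z 10.0.0.15 POST https://api.telegram.org/bot6979498858:AAECq2B31MrnKIQo8rrCWW1pczfrEtn7hPQ/sendDocument 200
2024-06-03T09:02:44Z 10.0.0.22 POST https://api.telegram.org/bot1234567890:AAFakeTokenForIllustration0000000000/sendMessage 200
""".strip().splitlines()


def parse_telegram_c2(url):
    """Split a Telegram Bot API C2 URL into host, bot id and secret.
    Returns None when the URL is not a Bot API URL."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(parts.path)
    if not m:
        return None
    return {"host": parts.hostname, "bot_id": m.group("bot_id"), "secret": m.group("secret")}


def classify_request(method, target, ioc):
    """Grade one proxied request against the indicator.

    'c2-match'         exact bot id + secret from the sample (high confidence)
    'telegram-bot-api' some other bot token (triage: a related sample or a legit bot)
    'telegram-host'    only the hostname is visible (weak on its own)
    """
    if method == "CONNECT":
        # Without TLS interception the path, and therefore the token, is not visible.
        host = target.rsplit(":", 1)[0]
        return ("telegram-host", host) if host == ioc["host"] else None
    parts = urlsplit(target)
    if parts.hostname != ioc["host"]:
        return None
    m = BOT_PATH_RE.match(parts.path)
    if not m:
        return ("telegram-host", parts.hostname)
    if m.group("bot_id") == ioc["bot_id"] and m.group("secret") == ioc["secret"]:
        return ("c2-match", m.group("method"))
    return ("telegram-bot-api", m.group("bot_id"))


def scan_proxy_log(lines, ioc):
    """Return (line_no, src_ip, verdict, detail) for every Telegram Bot API hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line; skip rather than crash the hunt
        _ts, src, method, target, _status = fields[:5]
        verdict = classify_request(method, target, ioc)
        if verdict:
            hits.append((n, src, verdict[0], verdict[1]))
    return hits


if __name__ == "__main__":
    indicator = parse_telegram_c2(C2_URL)
    for hit in scan_proxy_log(LOG, indicator):
        print(hit)
```

The token-level match only fires where the proxy decrypts TLS; on a plain proxy or from NetFlow the best you get is the hostname, and api.telegram.org alone is not a strong indicator, so pair the hostname hit with the host signals below (IP-lookup request, SetThreadContext) before acting on it.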
Targets

    • Target

      PO10-02082.exe

    • AgentTesla

      Agent Tesla is a .NET-based information stealer with remote access tool (RAT) features, commonly built in Visual Basic .NET; this sample exfiltrates over the Telegram Bot API listed under Malware Config.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP, which Agent Tesla includes in the victim profile it exfiltrates. The request itself is benign-looking traffic; treat it as corroboration, not as an indicator on its own.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is the hallmark of process hollowing (RunPE): the loader starts a process suspended, writes the payload into it, and redirects the main thread to the payload before resuming it. Expect the unpacked Agent Tesla to run inside a process other than PO10-02082.exe.

MITRE ATT&CK Matrix

Tasks