General

  • Target

    Additional Agreement5432.exe

  • Size

    1.0MB

  • Sample

    240603-ltxqgaae6v

  • MD5

    c31af689c2a98a34e4372db20e0468e0

  • SHA1

    a00007373d00cd7519d5c3520743d2fc7d7c05d6

  • SHA256

    589a2ca9b2c36da41ee6d7366e35c943f6c6165719e6e699c6b9dccedb4a6503

  • SHA512

    2bd225c396f07c0395fefd1ba14c1e53fa6311b54a097934bb19ee6a17236b24c120ba6314fffefdd5660e82a2a377bb986ea5541acb5dc19072ee7383725363

  • SSDEEP

    24576:jAHnh+eWsN3skA4RV1Hom2KXMmHawhJDLYbQeDtC6LZG5:uh+ZkldoPK8Yaw3s5DY6LS

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Additional Agreement5432.exe


    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks