General

  • Target

    b0cb550e767310e229f1b54bbf243b318686ff87864f7c7865ba21585ba64cab

  • Size

    1.0MB

  • Sample

    240604-b7vg6ahh32

  • MD5

    d19c24e5246758995368564c5f40922b

  • SHA1

    f3f105a6483c5e87ade79409aaa301794eb03e81

  • SHA256

    b0cb550e767310e229f1b54bbf243b318686ff87864f7c7865ba21585ba64cab

  • SHA512

    c4e19a8abbaff58100dcc38f29207099a27347f9e63beee6216befd068b9d0215326b1355a5e60122c92136723b70644bcdfa623326808824608b363753a5d7b

  • SSDEEP

    24576:vAHnh+eWsN3skA4RV1Hom2KXMmHaXhJN74j2Dxc4b5:Sh+ZkldoPK8YaX3aj2Dxcs

Malware Config

Extracted

  • Family

    agenttesla

  • Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks