General

  • Target

    e72e56922a30310486f3078a3617ba9c95dea941ec114dea9a85479cd03146cb

  • Size

    752KB

  • Sample

    240604-bgxvlafg7v

  • MD5

    8ed54e0540b6852c3c9bb316d8e51e25

  • SHA1

    0f383c9172b8aea9b5b5f5075479613b06a30654

  • SHA256

    e72e56922a30310486f3078a3617ba9c95dea941ec114dea9a85479cd03146cb

  • SHA512

    c7fe26508a71459922c4919c595ba74e1c5dac01c92c5cacca3063b99ba2d802d7a60fd87302a94b409775fb511dfe2e0fb47811d92ff52ed2b08d6bd1260c09

  • SSDEEP

    12288:9EkpO8mUKNr+uOda3AnssPra4zvbnRqtQzYUYer+x9tix1azs:S82CuOdmALPe4zTktQzYaE9cLao

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      e72e56922a30310486f3078a3617ba9c95dea941ec114dea9a85479cd03146cb

    • Size

      752KB

    • MD5

      8ed54e0540b6852c3c9bb316d8e51e25

    • SHA1

      0f383c9172b8aea9b5b5f5075479613b06a30654

    • SHA256

      e72e56922a30310486f3078a3617ba9c95dea941ec114dea9a85479cd03146cb

    • SHA512

      c7fe26508a71459922c4919c595ba74e1c5dac01c92c5cacca3063b99ba2d802d7a60fd87302a94b409775fb511dfe2e0fb47811d92ff52ed2b08d6bd1260c09

    • SSDEEP

      12288:9EkpO8mUKNr+uOda3AnssPra4zvbnRqtQzYUYer+x9tix1azs:S82CuOdmALPe4zTktQzYaE9cLao

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks