General

  • Target

    57b6b7a5011b1e0d3b8a43da9c78528e3a133cd20f5f9cf72c6359dab423693a

  • Size

    1.1MB

  • Sample

    240604-bgxvlafg7w

  • MD5

    381818e580f43857b5dd3da539308e69

  • SHA1

    3735e0d48dd8f7cc9988b319cd62c68ec0d40a4c

  • SHA256

    57b6b7a5011b1e0d3b8a43da9c78528e3a133cd20f5f9cf72c6359dab423693a

  • SHA512

    7ebb9a3bb8e240d334271ca5496a7400096fb142a0c80f8f5865e477e20093be85afc5278367f599be7e9738d405a75b5dcef38ded06b4cb2a1ecde7453e8736

  • SSDEEP

    24576:XJ1049HlMMkkelLuAmJyrAs7+1/G06nnjqKoes:c2HlLkdlLuA+yF7YqjqKoes

Malware Config

Extracted

  • Family

    agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks