General

  • Target

    5e995f13ba46ff2eccae59c67f54c91f78ad7436501b1091f9cae65e78b91d35

  • Size

    1020KB

  • Sample

    240604-by1ykshd69

  • MD5

    a75a9c38a86e4072a094906ea4fc02e9

  • SHA1

    9cec22cf1627d2b38466e1e535ffdfb0cc1f91bb

  • SHA256

    5e995f13ba46ff2eccae59c67f54c91f78ad7436501b1091f9cae65e78b91d35

  • SHA512

    5ac183b16175ff53e0056cddbb243a8ed07e51c053f5c46859799e4b2f27d1a5813773ae7c505b31c016aafe45e0886a75d87e4c97ce8d270f40d9d0bf808a87

  • SSDEEP

    24576:6AHnh+eWsN3skA4RV1Hom2KXMmHaEbeXQYbBlI5:Nh+ZkldoPK8YaEKAiC

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks