General

  • Target

    dd566ea9737c75cf44885c842a944952d23abc1fb315867b4f07c3b8f37ce01b.exe

  • Size

    977KB

  • Sample

    240609-k1q1tsgd7t

  • MD5

    1165b11c05474471dc47ff054f8e4398

  • SHA1

    41977ff5db4bac80d999bb8c5d6eceaee6d3b9ea

  • SHA256

    dd566ea9737c75cf44885c842a944952d23abc1fb315867b4f07c3b8f37ce01b

  • SHA512

    3dc9dbb18a581630daa00bc59d7aee668881c5464ab7b32b2bd65d9e80376c4e3d5029cce902c9576c05c58dc8c46b2ddf44e8b8add692b6065287c617a3cc6d

  • SSDEEP

    24576:1ggC3c6a+JXEbSEnORzgF4hWV5ukNaEIkq1BYyS+TigtY+VT3rMxV:1/YJXEbS9FkV5ukNaEL2uySuigtY+VTc

Malware Config

Extracted

  • Family

    agenttesla

  • Credentials

Targets

    • Target

      dd566ea9737c75cf44885c842a944952d23abc1fb315867b4f07c3b8f37ce01b.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks