General

  • Target

    bank details.rar

  • Size

    668KB

  • Sample

    240609-s4r2asca6t

  • MD5

    442cebf6b5d6fd2e30400d92e2bac444

  • SHA1

    cb57cd12242814df2c67b0759912a1faeabcaadc

  • SHA256

    e849d28b8e499a4dac6152ac85d6959ec7267657ae28ba9955f8275fec0a2e46

  • SHA512

    368588984cff196a127484f8a50c9b54398d63613a1cdbe497d77bad01679406721c595f332469bb7d9f4ec5e16a73877f6b2d510fca3d2f80dadf973484f749

  • SSDEEP

    12288:w72bHUZ0xaA7Zk2dJAIEZzGzTTqb6ILSnVKndRxMG/NyScitojmauMSc:JwZ0A8pCzGzTTgYu/Nzc4ojLuMSc

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      bank details.exe

    • Size

      804KB

    • MD5

      aef42942c28ddb020f9694c8b701873f

    • SHA1

      b2f5168edc9b1b9bbdbcc8089ae24dc852ed0080

    • SHA256

      255306dc51f8e03d60b15c31fcda56678224ff0e6781266a47aa71d5897429e7

    • SHA512

      fcc62ed477853e90909f89612b2445afe4d90addc01fd90c2e4628d2dc4246649f37e07fac22bd958c8241004d39851a29dc4113da2b43f46e403a785225477c

    • SSDEEP

      24576:ECTC3c6eWT56abnuA4y4pCmncHCHzs8j4gtY+VTqCo:Eyq56abnuNpCmncH81j4gtY+VTqp

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks