General

  • Target

    35d380ecc9dd9ec0c1ceb4185baaa283caf1bfcb012ffc79a98569126fc5a040

  • Size

    832KB

  • Sample

    240612-b4865syand

  • MD5

    624287a4c65dc15c11448ab9a18b197d

  • SHA1

    985e68377849c429f8408863ae67850827cf7fa0

  • SHA256

    35d380ecc9dd9ec0c1ceb4185baaa283caf1bfcb012ffc79a98569126fc5a040

  • SHA512

    ae16afa727451cb17795d83b74eec5c1f84681852eedd5970306837ec41cba4f6c881c130215e478d53aa87e3b310bb9854d000008e5dd69c7d60f3b5a5c7a66

  • SSDEEP

    24576:1Mm5SH6MIl3LkGDhsmD/U0UN/qiCggCTYRL:1Mm5Lnl7kSU1yijXMRL

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks