General

  • Target

    cc723f0ac65ba121a16e61e57382c6d9f0158200933e629ae325264158be5d94

  • Size

    764KB

  • Sample

    240612-b7lj9aybjc

  • MD5

    3150f17a9cf82eb6249b6b64c10acc77

  • SHA1

    762e22cefa3175abee317d12038fdcd7447e0bec

  • SHA256

    cc723f0ac65ba121a16e61e57382c6d9f0158200933e629ae325264158be5d94

  • SHA512

    fa8b59df979367d8c07d2b0ef3940d76e26172c83f7cd22834f3621c29b35a9dda74ebf4f72fd2a463993dfa53098c1b7f3872f81bd36e36f1569abb9777b0f2

  • SSDEEP

    12288:/K2jD3HH3DI+ibrHGHr2zQXtGwI6P/q5M+S08uqVfXib23LZ/8EzY+Vv1B3ajFpU:i2jjH3DIpHs20dGwIueM+d8uQib23LZV

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      cc723f0ac65ba121a16e61e57382c6d9f0158200933e629ae325264158be5d94

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic .NET.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so the payload is no longer scanned.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence to avoid running in certain regions.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
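Two of the signatures above (PowerShell-driven Defender exclusions and the external IP lookup) are behaviours a SOC can detect from host logs. The following is an added example, not part of the sandbox report or of Agent Tesla itself: it parses constructed PowerShell script-block (Event ID 4104) and DNS-query events, extracts the exclusions added with Add-MpPreference / Set-MpPreference (including PowerShell's abbreviated parameter names), and flags queries to a list of IP-echo hosts. The host list and the ATT&CK IDs are my own assumptions; the report names neither the service contacted nor a technique mapping.

```python
"""Detectors for two behaviours from the signature list: Defender exclusions
added via PowerShell, and external IP lookups. The sample events below are
constructed for the example and are not taken from the sandbox run."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Defender exclusion parameters accepted by Add-MpPreference / Set-MpPreference.
EXCLUSION_PARAMS = ("ExclusionPath", "ExclusionExtension", "ExclusionProcess")

# Assumed set of public IP-echo services (the report does not say which one was used).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me"}

_CMDLET_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
# One -Exclusion* parameter followed by a comma-separated list of quoted or bare values.
_TOKEN = r'"[^"]*"|\'[^\']*\'|[^\s,;|]+'
_PARAM_RE = re.compile(
    rf"-(?P<name>Exclusion[A-Za-z]*)\s+(?P<value>(?:{_TOKEN})(?:\s*,\s*(?:{_TOKEN}))*)",
    re.IGNORECASE,
)
_VALUE_RE = re.compile(r'"([^"]*)"|\'([^\']*)\'|([^\s,]+)')


def _canonical(name: str) -> Optional[str]:
    """Resolve a possibly abbreviated parameter name: PowerShell accepts any
    unambiguous prefix, so "-ExclusionExt" is ExclusionExtension while
    "-ExclusionP" (Path or Process) is ambiguous and is ignored."""
    matches = [p for p in EXCLUSION_PARAMS if p.lower().startswith(name.lower())]
    return matches[0] if len(matches) == 1 else None


def extract_exclusions(script_block: str) -> Dict[str, List[str]]:
    """Return {parameter: [values]} for each Defender exclusion the script block
    adds; an empty dict means no exclusion cmdlet was found."""
    found: Dict[str, List[str]] = {}
    if not _CMDLET_RE.search(script_block):
        return found
    for m in _PARAM_RE.finditer(script_block):
        param = _canonical(m.group("name"))
        if param is None:
            continue
        for dq, sq, bare in _VALUE_RE.findall(m.group("value")):
            value = (dq or sq or bare).strip()
            if value:
                found.setdefault(param, []).append(value)
    return found


@dataclass(frozen=True)
class Finding:
    record_id: int
    technique: str  # ATT&CK ID; this mapping is mine, not the report's
    detail: str


def scan_events(events: List[dict]) -> List[Finding]:
    """Run both detectors over a list of normalised log events."""
    findings: List[Finding] = []
    for ev in events:
        if ev["type"] == "powershell_4104":
            excl = extract_exclusions(ev["script_block"])
            if excl:
                detail = "; ".join(f"{k}={','.join(v)}" for k, v in excl.items())
                findings.append(Finding(ev["record_id"], "T1562.001", detail))
        elif ev["type"] == "dns_query":
            host = ev["query"].lower().rstrip(".")
            if host in IP_LOOKUP_HOSTS:
                findings.append(Finding(ev["record_id"], "T1016.001", host))
    return findings


# Constructed sample events standing in for 4104 script-block and DNS logs.
SAMPLE_EVENTS = [
    {"type": "powershell_4104", "record_id": 1, "script_block": "Get-Process | Sort-Object CPU"},
    {"type": "powershell_4104", "record_id": 2, "script_block": r"""Add-MpPreference -ExclusionPath "C:\Users\victim\AppData\Roaming", 'C:\Temp' -ExclusionProcess "update.exe" -ExclusionExtension exe,vbs"""},
    {"type": "powershell_4104", "record_id": 3, "script_block": "Set-MpPreference -ExclusionExt ps1"},
    {"type": "dns_query", "record_id": 4, "query": "update.microsoft.com"},
    {"type": "dns_query", "record_id": 5, "query": "api.ipify.org"},
]

if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"record {f.record_id}: {f.technique} {f.detail}")
```

The cmdlet match is deliberately strict: it catches the plain form seen in most Agent Tesla loaders but not string-built invocations such as `&("Add-Mp"+"Preference")`, so pair it with a rule on Defender's own operational log, which records exclusion changes regardless of how the cmdlet was spelled.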

MITRE ATT&CK Enterprise v15

Tasks