General

  • Target

    70f006e7422395770cd6655c6f4211864d422d4f447e54cc26b67c505bbd7204

  • Size

    1.1MB

  • Sample

    240612-b9h7xaybnl

  • MD5

    062050b56fc306bbab4d17e72eea5c34

  • SHA1

    8edbcc1dc7da0fab002d356d2a28b2350bcad025

  • SHA256

    70f006e7422395770cd6655c6f4211864d422d4f447e54cc26b67c505bbd7204

  • SHA512

    82374a724a6747d8469e2bb5f38da963837ae020323a454ee4a9e8de6af4e00d4b9e3c4aa70dd8662de432e505dfdcf916ed2a0e06db471770f37ba59e63cffd

  • SSDEEP

    24576:2qDEvCTbMWu7rQYlBQcBiT6rprG8ax3CrtGkb:2TvC/MTQYxsWR7aRa7
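
A practitioner receiving this report usually wants to confirm that the file in hand is the same artifact before trusting any of the behaviour below. The following is an added example, not part of the sandbox report: it hashes a file with the four algorithms listed above (SSDEEP is a fuzzy hash and is left out), compares every digest against the report's values, and additionally looks for the "AU3!EA06" tag that compiled AutoIt v3 scripts embed, which is what the "AutoIT Executable" signature further down refers to. The marker value and the helper names are assumptions of this example.

```python
import hashlib
import sys
from typing import Dict

# Hashes copied from the report above (SSDEEP is omitted: it is a fuzzy hash
# that hashlib cannot compute).
REPORT_HASHES: Dict[str, str] = {
    "md5": "062050b56fc306bbab4d17e72eea5c34",
    "sha1": "8edbcc1dc7da0fab002d356d2a28b2350bcad025",
    "sha256": "70f006e7422395770cd6655c6f4211864d422d4f447e54cc26b67c505bbd7204",
    "sha512": (
        "82374a724a6747d8469e2bb5f38da963837ae020323a454ee4a9e8de6af4e00d"
        "4b9e3c4aa70dd8662de432e505dfdcf916ed2a0e06db471770f37ba59e63cffd"
    ),
}

# Tag that compiled AutoIt v3 scripts embed in the PE's resource section.
# Assumption: "AU3!EA06" is the standard AutoIt v3 script-header magic.
AUTOIT_MARKER = b"AU3!EA06"


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Hex digests for the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes,
                   report: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Per-algorithm result of comparing a blob against the report's hashes.

    Comparing every algorithm rather than just one catches a copy/paste error
    in a single IOC value: a genuine match is all-True, never mixed.
    """
    digests = hash_bytes(data)
    return {name: digests[name] == value.lower() for name, value in report.items()}


def has_autoit_script(data: bytes) -> bool:
    """True when the blob carries a compiled AutoIt v3 script marker."""
    return AUTOIT_MARKER in data


def triage_file(path: str) -> Dict[str, object]:
    """Hash a file on disk and check it against the report's indicators."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {
        "size": len(data),
        "hashes": hash_bytes(data),
        "matches": matches_report(data),
        "autoit": has_autoit_script(data),
    }


if __name__ == "__main__":
    # Usage: python triage.py <path-to-suspect-file>
    for key, value in triage_file(sys.argv[1]).items():
        print(f"{key}: {value}")
```

A mixed result (some algorithms True, others False) means one of the IOC values was transcribed wrongly somewhere in the chain, not that a collision occurred; treat it as a data-quality problem and re-check the source of the hashes.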

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      70f006e7422395770cd6655c6f4211864d422d4f447e54cc26b67c505bbd7204

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIt script compiled into a PE executable. The AutoIt interpreter is bundled with the script, so the payload logic lives in the embedded script rather than in native code.

    • Suspicious use of SetThreadContext

      SetThreadContext is used to redirect the entry point of a suspended thread, a step in process hollowing and similar injection techniques.
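
Three of the signatures above (startup file drop, Run key persistence, and the external IP lookup) correspond to host telemetry that a defender can match on. The following is an added example, not part of the sandbox report, showing how those three behaviours would be classified from Sysmon-style events. The event dictionaries are constructed for this example, and the list of IP-lookup hostnames is an assumption, since the report does not name which service this sample contacted.

```python
from typing import Dict, Iterable, List, Set

# Public IP-lookup services commonly contacted by stealers to record the
# victim's external address. Assumption: the report does not say which one
# this sample used, so this is a general list rather than a sample-specific IOC.
IP_LOOKUP_HOSTS: Set[str] = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
    "ip-api.com", "ipinfo.io", "whatismyipaddress.com",
}

# Registry paths (lower-cased, with trailing separator) that auto-start a program.
RUN_KEY_FRAGMENTS = (
    "\\microsoft\\windows\\currentversion\\run\\",
    "\\microsoft\\windows\\currentversion\\runonce\\",
)
# Per-user Startup folder; anything dropped here runs at logon.
STARTUP_DIR_FRAGMENT = "\\start menu\\programs\\startup\\"


def classify(event: Dict[str, str]) -> List[str]:
    """Map one Sysmon-like event to the report signatures it supports."""
    hits: List[str] = []
    kind = event.get("type", "")
    if kind == "RegistryValueSet":  # Sysmon event 13
        target = event.get("target", "").lower()
        if any(frag in target for frag in RUN_KEY_FRAGMENTS):
            hits.append("Adds Run key to start application")
    elif kind == "FileCreate":  # Sysmon event 11
        if STARTUP_DIR_FRAGMENT in event.get("target", "").lower():
            hits.append("Drops startup file")
    elif kind == "DnsQuery":  # Sysmon event 22
        if event.get("query", "").lower() in IP_LOOKUP_HOSTS:
            hits.append("Looks up external IP address via web service")
    return hits


def summarize(events: Iterable[Dict[str, str]]) -> List[str]:
    """Sorted, de-duplicated set of signatures seen across a stream of events."""
    seen: Set[str] = set()
    for event in events:
        seen.update(classify(event))
    return sorted(seen)


# Constructed sample telemetry (not real sandbox output) covering hits and misses.
SAMPLE_EVENTS = [
    {"type": "RegistryValueSet",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svchost"},
    {"type": "FileCreate",
     "target": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.vbs"},
    {"type": "DnsQuery", "query": "api.ipify.org"},
    {"type": "DnsQuery", "query": "www.microsoft.com"},
    {"type": "FileCreate", "target": r"C:\Users\victim\Documents\notes.txt"},
]

if __name__ == "__main__":
    for signature in summarize(SAMPLE_EVENTS):
        print(signature)
```

The IP-lookup match on its own is weak evidence, because legitimate software queries the same services; it becomes meaningful when it appears in the same process lineage as the Run key write or the Startup folder drop, which is why the summary is built per event stream rather than per event.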

MITRE ATT&CK Enterprise v15

Tasks