General

  • Target

    c6082b6a09f1ad147a09cc579f562e66822d424cc0293b846c653d1a4787984b

  • Size

    876KB

  • Sample

    240612-b9tcwaybnp

  • MD5

    3dcbd6e5cb8c4d41fd60008732172eaf

  • SHA1

    c6f07d35fe09aaf673f85fb4bc49feea6d5afb91

  • SHA256

    c6082b6a09f1ad147a09cc579f562e66822d424cc0293b846c653d1a4787984b

  • SHA512

    952dff387f43d97974e1bce4b58c2bcadb96e2d82469cb3bf567926070a02f609a950b0718efa45cdc4c543ad5a07b0eae8d8698cdf4033dff29ad6c7ee6adeb

  • SSDEEP

    24576:Xg61jjk0LAta9A2kDI59U3P6EnHtD5VyHlRw8wS0Y5:2dP68jyHlRwEd

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks