General

  • Target

    b29804d957c71d706245f48e7d72a8614ec746e5b3da423a05f980fa865d7a77

  • Size

    1.0MB

  • Sample

    240612-bngf7axekl

  • MD5

    9a1e316f859f8cbb6b8e410965d2f4d3

  • SHA1

    7391c18e38cc0a7e23d8de6b9564dd794561495a

  • SHA256

    b29804d957c71d706245f48e7d72a8614ec746e5b3da423a05f980fa865d7a77

  • SHA512

    db3a5d265490df1b69a15dfa8c5fb76d1bb8c8bbec70c7adea836884314c7925e92b68252444c897e13f0c8602136f289977662039f73f203950a6b04d4383b0

  • SSDEEP

    24576:WAHnh+eWsN3skA4RV1Hom2KXMmHa7eGJfHF5:xh+ZkldoPK8Ya7bF/

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      b29804d957c71d706245f48e7d72a8614ec746e5b3da423a05f980fa865d7a77 (hashes as listed under General above)

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks