General

  • Target

    4d766d364c6fdef617274773b6f33745a8c38cd897063a3b5deea9e3e69c3e6b

  • Size

    658KB

  • Sample

    240612-bra4ksxenb

  • MD5

    6ca2474cfdc9e2c43526ad14cd72035e

  • SHA1

    ec575cfc292afda741f192238ba5999fc325fc80

  • SHA256

    4d766d364c6fdef617274773b6f33745a8c38cd897063a3b5deea9e3e69c3e6b

  • SHA512

    a540da1614c5ebb8e2aae2824f89cd2e90959d438870a4234f4ea951638aae7e1f1ae2f7042fa450a3011f294cf5b45432391065e8c5264c5ba656df0b282d21

  • SSDEEP

    12288:1i8LkpEaeHZb0hcYDupdLrclb815z+2hqonDa/tgZ11ta2rBK1cIsVl:QjErH10hcYkrcl815z+TgZFa2J

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks