General

  • Target

    5b2211b5ae1d84b2cbffe0a65a3b67b92deeb4ebd5e39d1324331aa0372d52e5

  • Size

    2.3MB

  • Sample

    240612-bs8fgaxerc

  • MD5

    c2bc4f60a6bf66cbf71e14569a2f9cc9

  • SHA1

    455af70ac4877fd18af148afca722596bcf8f4ae

  • SHA256

    5b2211b5ae1d84b2cbffe0a65a3b67b92deeb4ebd5e39d1324331aa0372d52e5

  • SHA512

    9c2c2ecd3583dacf719bdde4da9c6e808f7096a3017fc1e1606f82266c31dd72980fcd8068a554b3035dece3963b2ee4fee7b61002fec2173f209119c6d9997a

  • SSDEEP

    3072:E9Suae+rGXllXLmsrMG08yDTHBbLhSisYBZj/efwYiutrKl61FHxRcKRUg9bXljg:E6

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks