General

  • Target

    488a077328139671e230334d8c5824b7a8bf4593ab55b333cd3dd4f000aa38cd

  • Size

    790KB

  • Sample

    240612-bxfagsxgkr

  • MD5

    7e1bf44cd8b86e714af28dfa697bf32e

  • SHA1

    f0a29b03cf4e26d7fe830bf61364149e3a0d68d1

  • SHA256

    488a077328139671e230334d8c5824b7a8bf4593ab55b333cd3dd4f000aa38cd

  • SHA512

    849ac6ca46e2074989a473749f152acb566472ddb378dfa1c53826f95ca7fb44188136a6635aa92f9d6a9954bf26728dadf51d291317352ed271e0bdd305ca1f

  • SSDEEP

    24576:9HE/+erOC6RoGFGj1GG5QsldfjXfZHhOQzwfBiNco:XzR+ltldfjXhBOQzwfBAco

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      488a077328139671e230334d8c5824b7a8bf4593ab55b333cd3dd4f000aa38cd

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer written in Visual Basic .NET. It harvests saved credentials from browsers, mail and FTP clients, logs keystrokes and exfiltrates the data over SMTP, FTP, Telegram or HTTP; the Credentials entry of an extracted configuration typically holds the account used for that exfiltration channel.

    • Looks up external IP address via web service

      Contacts a legitimate public IP-lookup web service to learn the infected host's external IP address, which Agent Tesla reports alongside the harvested data. Benign software (updaters, VPN and P2P clients) does the same, so on its own this is a weak indicator; it gains weight in combination with the other behaviours listed here.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a thread, which ordinary applications almost never do outside a debugger. Used against the primary thread of a process that was created suspended and then overwritten with WriteProcessMemory, it is the step in process hollowing that redirects execution into the injected payload before ResumeThread lets the process run under the name of a legitimate executable.
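
The two behaviour signatures above are inferred from raw sandbox events rather than from the file's bytes. The Python below is an added example, not code from this report or from the sandbox that produced it: it evaluates two simplified rules over a constructed API/network trace and returns, for each signature, the evidence that fired it. The event-line format, the list of IP-lookup hosts, the PIDs, image name and addresses are all assumptions made for illustration.

```python
"""Sandbox-style behaviour rules over a constructed event trace (added example,
not the report's or the sandbox's own logic; line format, hosts and PIDs are
assumptions made for illustration)."""
from dataclasses import dataclass
import re

# Public IP-lookup services commonly contacted by stealers (assumed list).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "ip-api.com", "icanhazip.com",
    "ipinfo.io", "checkip.amazonaws.com", "whatismyipaddress.com",
}

# Process hollowing, in order: create a suspended child, overwrite its image,
# point its primary thread at the payload with SetThreadContext, resume it.
HOLLOW_SEQUENCE = ("CreateProcess", "WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed trace line: "pid=<n> <api|dns|http> <name> [key=value ...]".
EVENT_RE = re.compile(r"^pid=(\d+)\s+(api|dns|http)\s+(\S+)(?:\s+(.*))?$")


@dataclass
class Event:
    pid: int
    kind: str   # "api", "dns" or "http"
    name: str   # API name, or hostname for network events
    args: str   # remaining "key=value" tokens, possibly empty


def parse_trace(text):
    """Parse trace lines into Events; lines that do not match are ignored."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(Event(int(m.group(1)), m.group(2), m.group(3), m.group(4) or ""))
    return events


def _arg(args, key):
    # Value of key=value inside an argument string, or None if absent.
    m = re.search(rf"(?:^|\s){re.escape(key)}=(\S+)", args)
    return m.group(1) if m else None


def ip_lookup_hits(events):
    """Distinct (pid, host) pairs for DNS/HTTP events against an IP-lookup service."""
    hits = []
    for e in events:
        key = (e.pid, e.name.lower())
        if e.kind in ("dns", "http") and key[1] in IP_LOOKUP_HOSTS and key not in hits:
            hits.append(key)
    return hits


def hollowing_pids(events):
    """PIDs whose API calls complete HOLLOW_SEQUENCE against one suspended child.
    A lone SetThreadContext (debuggers, exception handling) does not qualify."""
    by_pid = {}
    for e in events:
        if e.kind == "api":
            by_pid.setdefault(e.pid, []).append(e)
    flagged = []
    for pid, calls in by_pid.items():
        stage, child = 0, None
        for c in calls:
            if c.name != HOLLOW_SEQUENCE[stage]:
                continue
            if stage == 0:
                if "CREATE_SUSPENDED" not in c.args:
                    continue
                child = _arg(c.args, "child")
                if child is None:
                    continue
            elif _arg(c.args, "target") != child:
                continue  # aimed at some other process; not part of this chain
            stage += 1
            if stage == len(HOLLOW_SEQUENCE):
                flagged.append(pid)
                break
    return flagged


def evaluate(trace_text):
    """Map each signature name used in the report to the evidence that fired it."""
    events = parse_trace(trace_text)
    return {
        "Looks up external IP address via web service": ip_lookup_hits(events),
        "Suspicious use of SetThreadContext": hollowing_pids(events),
    }


# Constructed trace, not captured from the sample above.
TRACE = """\
pid=3120 api CreateProcess image=host.exe child=4412 flags=CREATE_SUSPENDED
pid=3120 api WriteProcessMemory target=4412 size=0x1c000
pid=3120 api SetThreadContext target=4412 rip=0x4013a0
pid=3120 api ResumeThread target=4412
pid=4412 dns api.ipify.org
pid=4412 http api.ipify.org GET /
pid=2200 api SetThreadContext target=2200 rip=0x7ff6ab001000
pid=2200 dns update.example.test
"""
```

Running `evaluate(TRACE)` flags PID 3120 for the hollowing chain and PID 4412 (the hollowed child) for the api.ipify.org lookup, while PID 2200, which calls SetThreadContext on itself with no suspended child and no memory write, is not flagged. The ordering requirement and the child-PID check are what keep the SetThreadContext rule from firing on debuggers and exception handlers; the IP-lookup rule has no such filter, which is why the report lists it as an observation rather than proof of maliciousness.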

MITRE ATT&CK Matrix

Tasks