General

  • Target: 9e4c975a08c32f87ff086024ba780bd0.bin
  • Size: 694KB
  • Sample: 240612-c6qcgsyhmp
  • MD5: 65b3b4a3631332550a04ca2ff9efc5aa
  • SHA1: 4a23ef73e6f04b00c5cb8f919573a970aaf43950
  • SHA256: 638e75bf512aec9f6683260128c3d74441da502ec85eb1e3a12a3b3c150fe1a2
  • SHA512: 944641692dbebef4e9809ca4565fb87cc80bce0eba73e7126ba5cad1b9b1d32fa7b68e709f0d6443690f19b9f16ad14ff0905f6650da83c8d21b846d52a4e018
  • SSDEEP: 12288:QREjEU8q55RvXPcjJYTCwa9ROeliLesoHjW5T20I5vIW4lx4Q:1f8q1XcK2X90esoHjW5Ta5vIPp

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target: 2eeedb8129877d2cff8bfca258974786448f4babb12a1e44651735e675f09ca1.exe
    • Size: 1.1MB
    • MD5: 9e4c975a08c32f87ff086024ba780bd0
    • SHA1: dbc81c855977fdff4f4a1cf99c0be1b984dab109
    • SHA256: 2eeedb8129877d2cff8bfca258974786448f4babb12a1e44651735e675f09ca1
    • SHA512: 4903268f884e4dde313d3d088050674aadbd9fdb93f79539a5312e33d24498520c389d18ce99e84874ba399c1782d5242872f7f9a95fbbaec717e21e3a0f3b8d
    • SSDEEP: 24576:8AHnh+eWsN3skA4RV1Hom2KXMmHaxsBAhLuqFfs3quI5:bh+ZkldoPK8YaxsShLHgqB

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks