General

  • Target

    2ca6ab9b5571aef408c1f47e4a3802834283b97fd2a75c0e6f675d92fe2b322f

  • Size

    751KB

  • Sample

    240612-ccb8rsyckl

  • MD5

    e6b7493437b908e9d81f7aa0c477fa60

  • SHA1

    3cf0249d2239a9b73146e505d3a09d350f43ff3d

  • SHA256

    2ca6ab9b5571aef408c1f47e4a3802834283b97fd2a75c0e6f675d92fe2b322f

  • SHA512

    148696e8bd3da3f7ed504e8ea4c4bef6dade456863451c553eafae0231ee978bc621730c0770f4e3cd25a3716e36938c80a31fa8d5a12eb318ab20f8e062f44d

  • SSDEEP

    12288:8qxcZsfQrHrrQWoqbINii6MvPNaQSzBfBAl0YBMpACR5leZlNm:iZUQjALqbIsi6MHlSF5e0YKpA+erY

Malware Config

Extracted

  • Family

    agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks