General

  • Target

    bfe596cd822f76ded21964902b0ebb13.bin

  • Size

    656KB

  • Sample

    240612-das9yazalb

  • MD5

    c66939dc7c3b1e2541103807fbcb42d2

  • SHA1

    5cb657b8166a025a6781ccb880be5c7c6b1c2d4f

  • SHA256

    227a4db3ace3fbe8a7c0c0e063539a2bbe8197a5704a208d4b228448393c6f40

  • SHA512

    73e6fbb9852bcb9771482a86f89a0862a56f9ee898ba039dcca9cd947a44b6c772dc6514d54bd25b66c150a898ff473a1d73829ac79c136c6f84e1aea3f28cfc

  • SSDEEP

    12288:rKtRylp6lefxD1I6yC1ojr8Y4Q4+RiHLDF3zM7dyVLVfblmsXSYuWTHqON:rKtRy76lODTyUbY4r1PxzMs/fUsYgH/

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      5f14a244f730788efe3dc87a9b3d73955ca9e76862c822d6cd3707804a4308a3.exe

    • Size

      685KB

    • MD5

      bfe596cd822f76ded21964902b0ebb13

    • SHA1

      fd4ad8656cdd121b3d1aeb5bb3b1bbaf6eecbeae

    • SHA256

      5f14a244f730788efe3dc87a9b3d73955ca9e76862c822d6cd3707804a4308a3

    • SHA512

      6ff01a14595f0a134ff39f94d0c5cdad5056d21c67d273ea5ee8a7c5bb3429b333ae7a723019a3c1e7ca417cd7f3758ecd4f171534aa741de015f304c0249299

    • SSDEEP

      12288:lja4o46rdvC1UeWWDVIZqhop5we/rkIK4LtPRQtgEG8LI6ZhuitqtcYg2iNp:l+4o9rdvC1U42qhX0wIK4RPROgirZ4rG

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks