General

  • Target

    Conselhos De Pagamento Ref#739028738203894030.tar.xz

  • Size

    626KB

  • Sample

    240617-vgtbysweqe

  • MD5

    7aac8672c5c030a21bde1bb813812d21

  • SHA1

    38939135b913be94fd14fa835f9c2a079e0aad35

  • SHA256

    b800b17dcf627a5bfac40f8cf631a5d839b8028d8d57c66e8e0fdccaf1299198

  • SHA512

    d08a6bd8c9f65a42fed0d0dd078f87bb297bda99a8282c08176c0d2bcd37fc775bb3ef5b53d0e410707cca4f0de8a7a3f4fc278928b62df42e4c418cc9be47a5

  • SSDEEP

    12288:0zz1vPWGsEPdvS6AcPv+EiZDQykpaY9BIf+O/FlJCFShZyFZlJtKOQH+:0zBPUadecPvuZ6p3slJClFJtnx

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Conselhos De Pagamento Ref#739028738203894030.exe

    • Size

      651KB

    • MD5

      8c4cef6e79a11202c03950c808c4eb19

    • SHA1

      5e406f0542ba40ae9fbcd15ba6b9cbaff899c107

    • SHA256

      da6fa9caa609fd7f758a76b0b07044a9eee9f8db84ff72e3cbe171b0ce6d8c2e

    • SHA512

      5b482eac78bc167abaca99ea38c13570a7761dcb5936024fe853800a848c19f885f89a167b3d428bca44257277d5bad660c2aa9763ff2a759b96213404a923f9

    • SSDEEP

      12288:RSUVypPWLs8PdvSjAcEv+EiYDQGkpaY9BIf4OM2lJCFShryFZuVQ4Y/:RKPDSdhcEvuYopDmlJCVH1

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks