General

  • Target

    5b58d926eed5092379ee1a476cb4faa6b5ea3f8ad79e8c2e0c52c0b91784bc38.exe

  • Size

    2.9MB

  • Sample

    240617-vkpg6swfqf

  • MD5

    1194e62491f4f10fcf9350468f24008c

  • SHA1

    0763182ea5268195e565382d2067036477d37d25

  • SHA256

    5b58d926eed5092379ee1a476cb4faa6b5ea3f8ad79e8c2e0c52c0b91784bc38

  • SHA512

    8c10525336aba2e560b9a1e7c3d1e6ed6767e8e5739243efa6dfa015dba64480ee33c5f714c7561bc9c66f68e85a8bcd23550d997bc878ae9c872b902d10e69c

  • SSDEEP

    24576:3rfd2kD0pPvPPUlfr76QUzzFiJK6bBHPB:Rx0XPcl36QzJKyBHPB

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      5b58d926eed5092379ee1a476cb4faa6b5ea3f8ad79e8c2e0c52c0b91784bc38.exe

    • Size

      2.9MB

    • MD5

      1194e62491f4f10fcf9350468f24008c

    • SHA1

      0763182ea5268195e565382d2067036477d37d25

    • SHA256

      5b58d926eed5092379ee1a476cb4faa6b5ea3f8ad79e8c2e0c52c0b91784bc38

    • SHA512

      8c10525336aba2e560b9a1e7c3d1e6ed6767e8e5739243efa6dfa015dba64480ee33c5f714c7561bc9c66f68e85a8bcd23550d997bc878ae9c872b902d10e69c

    • SSDEEP

      24576:3rfd2kD0pPvPPUlfr76QUzzFiJK6bBHPB:Rx0XPcl36QzJKyBHPB

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks