General

  • Target

    5.exe

  • Size

    1.1MB

  • Sample

    240618-qvblvazdnm

  • MD5

    2476b897b910a0d1709e27374b15ad2e

  • SHA1

    7fbcbaf9c0770e0fc2746d86115adb83093edef4

  • SHA256

    f8d3c0510f7c44a8308b811704902b0ea5ee0be3413f82139069e1afa009cc29

  • SHA512

    628154d00012aebddf9ab5df8be6521c085d69b2889ed548c207eece358b3c006d103591ee1b4a1fafccdb1a0778ffa99fe7a4f090f90ab99dadca99f3beba16

  • SSDEEP

    24576:LAHnh+eWsN3skA4RV1Hom2KXMmHaeytO4KndFIBPrW5:mh+ZkldoPK8YaeyIndFaPw

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      5.exe

    • Size

      1.1MB

    • MD5

      2476b897b910a0d1709e27374b15ad2e

    • SHA1

      7fbcbaf9c0770e0fc2746d86115adb83093edef4

    • SHA256

      f8d3c0510f7c44a8308b811704902b0ea5ee0be3413f82139069e1afa009cc29

    • SHA512

      628154d00012aebddf9ab5df8be6521c085d69b2889ed548c207eece358b3c006d103591ee1b4a1fafccdb1a0778ffa99fe7a4f090f90ab99dadca99f3beba16

    • SSDEEP

      24576:LAHnh+eWsN3skA4RV1Hom2KXMmHaeytO4KndFIBPrW5:mh+ZkldoPK8YaeyIndFaPw

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks