General

  • Target

    18ff6631ab54404f2bded369fba304c99eb1db00002193bba944d1751e681b05.exe

  • Size

    1.0MB

  • Sample

    240618-sqm57ayhkf

  • MD5

    b237d85e56ced56738e575358285ff42

  • SHA1

    917432f3b43b58a0d0bff8c3e28f70518f6b4d56

  • SHA256

    18ff6631ab54404f2bded369fba304c99eb1db00002193bba944d1751e681b05

  • SHA512

    b6e09cba0db08110869b69b7043befb17fc5f2ae5c0df247d241d41a20b59afc500389a607b9c91cdce4b00af75f42824335fbe40c918da6594a71c2544302fb

  • SSDEEP

    24576:Buj2TMq6SIsdoaqYgP9HQxODe6OjaB6ebjeskW48z:Bc26ioaqhRiOD3yaB6ebFkW4

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other data.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks