General

  • Target

    fda56337edb5690972656c720a0b1fa80b59b0b33bdf77241dc7847f54950bf2

  • Size

    1.0MB

  • Sample

    240619-cz4ljascpb

  • MD5

    a4ac1f9763f043d47a1000c299c28968

  • SHA1

    57bc09f397fd56edc8ffb25ce38f7872c2fb60a9

  • SHA256

    fda56337edb5690972656c720a0b1fa80b59b0b33bdf77241dc7847f54950bf2

  • SHA512

    994cdbd82d62b68e04282479d260f098dfb67b422519cb9be7df0f11d29cf1888d77a7e16cec5763f690cff7a954292c03e2933bebdd2c0084d4b9abb93e8be0

  • SSDEEP

    24576:VAHnh+eWsN3skA4RV1Hom2KXMmHahNNRTmC6cb5:Eh+ZkldoPK8YahNX56I

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks