General

  • Target

    5506da989e5275d49a5aa55efafd5de4e2f72eb6020fb9e8e3b20e9d36394afc

  • Size

    1.1MB

  • Sample

    240619-cz55cswgpk

  • MD5

    3276215fe627a84eb70a7d27e743f6e5

  • SHA1

    2bb9897d0f6cc58acf37ae07ee1fb4601ec31a46

  • SHA256

    5506da989e5275d49a5aa55efafd5de4e2f72eb6020fb9e8e3b20e9d36394afc

  • SHA512

    971224e46be7d0a12a62bdc7d0e565bd51bd277463e79cd4fdacc6d0ab5495df6af4b2eedac53014321263269dd2226f37d8369d6d19949ffa0e9c667db63d2e

  • SSDEEP

    24576:RAHnh+eWsN3skA4RV1Hom2KXMmHa+kcu3V0pgK3j4u9G5:oh+ZkldoPK8Ya+kcfBq

Malware Config

Extracted

Family

agenttesla

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
