General

  • Target

    19062024_0741_18062024_PO142.rar

  • Size

    592KB

  • Sample

    240619-jh8x9axakc

  • MD5

    2bdd4631e452700fe8ec10bca28a05d9

  • SHA1

    b8bd1fb05e3471943efc1aa9e5ef4dd3261379ca

  • SHA256

    af66c8b635cd258927533b52b7250f0b87131863b004ae03fc074de05f6d5da2

  • SHA512

    ac3b097d258be4d9ce4a5fb87285ec4da0a45b6073b30737b6e401e6df1ce24d93030579d5d2cd3be49bd3a3577853d9daece5354f058ed1aaa52c296c7a2558

  • SSDEEP

    12288:xHINvJrLBVN2xa8TZ5DJxTolZRUvZRX2xf1kR5JEfchW:xHINBnNIF5DP0DRUodkRDEX

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      PO142.exe

    • Size

      1.1MB

    • MD5

      2476b897b910a0d1709e27374b15ad2e

    • SHA1

      7fbcbaf9c0770e0fc2746d86115adb83093edef4

    • SHA256

      f8d3c0510f7c44a8308b811704902b0ea5ee0be3413f82139069e1afa009cc29

    • SHA512

      628154d00012aebddf9ab5df8be6521c085d69b2889ed548c207eece358b3c006d103591ee1b4a1fafccdb1a0778ffa99fe7a4f090f90ab99dadca99f3beba16

    • SSDEEP

      24576:LAHnh+eWsN3skA4RV1Hom2KXMmHaeytO4KndFIBPrW5:mh+ZkldoPK8YaeyIndFaPw

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks