General

  • Target

    007eeb505de7502eb1e74d0032f8454b.scr

  • Size

    2.0MB

  • Sample

    240619-l28gyaybnc

  • MD5

    007eeb505de7502eb1e74d0032f8454b

  • SHA1

    10b34bd589fce59c29510cd0cc55a980f28b6d53

  • SHA256

    71e447886f51c3feb06d6f6d1316294177353191b3310dde9d9d8c30ebe94738

  • SHA512

    2e1155bcf6d3ec055fd9fe28019f9de17d75c0ec7215385b86dba020b5a755307553802ce8110aeb1705573450ec01e4ce43e55bb86d7866f81b373de3521925

  • SSDEEP

    24576:DQ3jseXWCkm6Ljmsxxfbw5btv2nN2LXZ3b4e04pl+WdCqiGtSM:D6JGC36/1dcv22ue04pl+6Cjn

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks