General

  • Target

    a12ee673b117c6f885a48717522d87fe36e56ab0f9259f787c466261e27cddaf

  • Size

    1.1MB

  • Sample

    240628-cd33waxgmk

  • MD5

    4e44ad124adcb879a76b404d37206d13

  • SHA1

    b85e92ec81e0f6604658fb71b9c0e44a5f1d4537

  • SHA256

    a12ee673b117c6f885a48717522d87fe36e56ab0f9259f787c466261e27cddaf

  • SHA512

    37216f90ad734c2cc435b003a19d9872736dfe584a28aa4ce5a6490a8913e3bbbf0f17a6046c9acfaaa4f895c88c6b7f4590620562b20a4b12966328eda54f29

  • SSDEEP

    24576:VAHnh+eWsN3skA4RV1Hom2KXMmHan0sNWrBdSRL5:Eh+ZkldoPK8Yan0sNWlU

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext