General

  • Target

    LocalStealer.exe

  • Size

    4.3MB

  • Sample

    240825-xfxn4azhrl

  • MD5

    2a83e09de80c45eecdc7c9ed103c4346

  • SHA1

    4fdb40b042468a529f339bb9c5045dadc5a7c7bb

  • SHA256

    6c8cd2ff4020f57d558e878d87e8039ad3804614cad29957e279423af39b959d

  • SHA512

    e8784c26146256cb481e8ddf1795bf86d7a5bedad1ff0397b71884076b1ec49efa5e3ef3f6eeed921d4f190ae7b2ab6b7317ce27d1c43ea13e3d8edfe4ef3d12

  • SSDEEP

    98304:tkjozJ9/im8XVBKl6tmJVPS47x/EaR5zNNHtFkIT4bNJFY3OqtaSGuA+iFi:RzJpjS346tmJ1xsG53tFkjBHYq9uAy

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
