General

  • Target

    G_24370-24396_SI2_S25_8658_MPO_SMARTEX_240715.exe

  • Size

    2.5MB

  • Sample

    240829-l18rbaxfqq

  • MD5

    94117aff03dec1ed2036aab93e6ee76c

  • SHA1

    d095d0607a47c54ed7bc407362ddd73ad3175258

  • SHA256

    06ce17c25d36e66683f7eab6a010de3f388a3097312e47875ba3eda13c6dd4c1

  • SHA512

    b15dfaa0aaab45ce9bf20c8fd8a3ce466f1f9a77d88018262255bc67dc15436fc9fe857b5abbe224b45de6c2818b60571821c8ee65393cff64f0475f5fd075d4

  • SSDEEP

    49152:5ZCif8dHfbds+Ee0HpEG3dNAGC/KpMxUQao54X9ioWN6MkdJSnN:PCifX+7qEpVw+J4N8rkdw

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks