General

  • Target

    c0606c7a28717e12ff2ba17844d4be166dcc9cfa060c98d0bd3b940c79d81ef8.exe

  • Size

    544KB

  • Sample

    240905-b51w6a1bjj

  • MD5

    15ceb47475a86d9b42cb5bb9e92ad101

  • SHA1

    86bcebd131167e95dbff902c4fc4669f829b3d81

  • SHA256

    c0606c7a28717e12ff2ba17844d4be166dcc9cfa060c98d0bd3b940c79d81ef8

  • SHA512

    76031122fa7670ac69965038ea60472917ea16059b23c353db467121a4b2740c9e8ce422d7869fb1868f91e496017a63e03540d5e8eb760a1a8c70720eb9aeef

  • SSDEEP

    12288:NYV6MorX7qzuC3QHO9FQVHPF51jgcrzOtOD/eRyCAcFx:iBXu9HGaVHm8/KdfFx

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      c0606c7a28717e12ff2ba17844d4be166dcc9cfa060c98d0bd3b940c79d81ef8.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks