General
Target: 9704936caf4d8510570a175de4f882e438e8cf1ef5139f585249a9017422f573
Size: 696KB
Sample: 240906-mnbfqasbnh
MD5: 82dbc2f49ef5018c3ac54f25e607f62f
SHA1: 95727df034824b0a91c2ddbcf35195edfb36b77b
SHA256: 9704936caf4d8510570a175de4f882e438e8cf1ef5139f585249a9017422f573
SHA512: aa289140e767ce4a2626334edaec53f0ea858763d78f8c9abd062f01626c2b0939bbde756a25fcca544032b33942ae3f80a65ad03faee1448851cb845fedf11d
SSDEEP: 12288:zOQBFAvm8L23Wh4kek3j/2oPPdkwLm8x2k5JG9c6T0puQQQ0zf0JxlvROXorQ:jFA7KGLbR9vvTLG9cUb6xbmorQ
Static task: static1
Behavioral task: behavioral1
  Sample: Balance payment.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: Balance payment.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.iaa-airferight.com
Port: 587
Username: [email protected]
Password: webmaster
Email To: [email protected]
Targets
Target: Balance payment.exe
Size: 1.3MB
MD5: deb3b7e5c7d073079936294b9c2d58ca
SHA1: 53654c644deb674d7e67abd5537eabe2889df4da
SHA256: b19f2dd9632dae7234700971da09d82204d078a1f6c5d6e5beabae30513e07be
SHA512: 454b786d2371c126bf16519f626f52294879cf880900029bf34dc73025f095d030536d32fc48c5fb9dbfa824aa07f1403404b9dd61d84747a31be15a6e657a89
SSDEEP: 24576:q84aWZczwnZlZAyLX4wFX3Ub0mgXh/x9YlYSz/4H4444C:q84aK6eZlZVkb84lYSz/4H4444C
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1