General

  • Target: 462d52d82377841b63ebcf43f25772edb2a761c559be9d28a510c0ab7155d2c1.exe
  • Size: 1.1MB
  • Sample: 240913-px776a1hnh
  • MD5: 96f60e7b370e3f1886ff83c067312108
  • SHA1: b1e275bc665b436180a81e1c631118a92fa628db
  • SHA256: 462d52d82377841b63ebcf43f25772edb2a761c559be9d28a510c0ab7155d2c1
  • SHA512: a78d9ef2fbfcab228572de7fa1f65511b4f38c98c73fd0f194fc851fc9eaeec1597b1c687f40c9b80a3af2a09b92ea8ec8eef53b460e9ff076743d3dc91a0e01
  • SSDEEP: 24576:j4lavt0LkLL9IMixoEgeacCRMTCcfEXq4PeGxq9MmCS:2kwkn9IMHeacCRMTwxaPCS

Malware Config

Extracted

Family: agenttesla

Credentials

Targets

    • AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
    • Credentials from Password Stores: Credentials from Web Browsers: malicious access to, or copying of, a web browser credential store.
    • AutoIT Executable: AutoIT scripts compiled to PE executables.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks