General

  • Target

    f6f0735e72c04c375410e11ee9819f4b.exe

  • Size

    1.2MB

  • Sample

    240916-pvmhnsxgkc

  • MD5

    f6f0735e72c04c375410e11ee9819f4b

  • SHA1

    5c13c6de1d4a58f85595bafc538dfcb2e59210af

  • SHA256

    0d0bc3db92e427e4774d5163e82bcb2c43abea5459d2541ab7da179e1dd41364

  • SHA512

    0775a1b2cc06c8f8d77a9ddf33abbe7da8d855bc00494df1f868edbeb88b0668c383e98718084422799c368957505af89c3d3a6cea7438837a8e61282b01705b

  • SSDEEP

    24576:mRmJkcoQricOIQxiZY1iag3h7lhh1xIxrPlkG3FQ7GFKCzkgs6:jJZoQrbTFZY1iagx7XmZG8FKD6

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      f6f0735e72c04c375410e11ee9819f4b.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Accesses Microsoft Outlook profiles

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15