General

  • Target

    #29469O204.exe

  • Size

    1.1MB

  • Sample

    240916-tym1tsxglk

  • MD5

    fcbeee4d98c0149d7a4d77544584a4b1

  • SHA1

    252c90496e1d30c85af718df02053f2bf876b5fa

  • SHA256

    2f871dc858b7320d26415f760957201d60691eee8d3939eb2e443a2ee8bad3ef

  • SHA512

    cd6560c55d24c04ef6ee73fd033ef1e8c61246344a5d8542fc92c7fb9d39852774dd3eac2169f64dd86c866224d94f1d14eae95d3c97252f96b55588ff8a1235

  • SSDEEP

    24576:uRmJkcoQricOIQxiZY1iaCD257KUpiESY42J7XfBx3bSlqbz7TY:7JZoQrbTFZY1iaCSPjI25vBtGKz7TY
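The four cryptographic hashes above are the reliable way to confirm that a file you are holding is the analysed sample. The script below is an added example, not part of the original sandbox report: it copies the MD5, SHA1, SHA256 and SHA512 values from the report and checks a suspect file against all of them in one streaming pass (the SSDEEP value is omitted because it needs the third-party `ssdeep` package). The file path, chunk size and function names are assumptions.

```python
"""Verify a suspect file against the hashes published in the report above.

Added example, not from the report. Hash values are copied from the report's
General section; the file path, chunk size and function names are assumptions.
"""
import hashlib
import hmac

# Copied verbatim from the report. Keys are hashlib algorithm names.
REPORTED_HASHES = {
    "md5": "fcbeee4d98c0149d7a4d77544584a4b1",
    "sha1": "252c90496e1d30c85af718df02053f2bf876b5fa",
    "sha256": "2f871dc858b7320d26415f760957201d60691eee8d3939eb2e443a2ee8bad3ef",
    "sha512": (
        "cd6560c55d24c04ef6ee73fd033ef1e8c61246344a5d8542fc92c7fb9d398527"
        "74dd3eac2169f64dd86c866224d94f1d14eae95d3c97252f96b55588ff8a1235"
    ),
}


def digest_bytes(data: bytes) -> dict:
    """Compute every algorithm listed in REPORTED_HASHES over an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED_HASHES}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all hashers at once so a large sample is read only once."""
    hashers = {name: hashlib.new(name) for name in REPORTED_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_to_report(digests: dict, reported: dict = REPORTED_HASHES) -> dict:
    """Per-algorithm match result. hmac.compare_digest avoids short-circuiting
    on the first differing hex character; case is normalised first."""
    return {
        name: hmac.compare_digest(digests.get(name, "").lower(), expected.lower())
        for name, expected in reported.items()
    }


def is_reported_sample(digests: dict) -> bool:
    """True only when every published hash matches. A single mismatch means the
    file is not the analysed sample, or the file or report has been altered."""
    return all(compare_to_report(digests).values())


if __name__ == "__main__":
    import sys
    # Assumed usage: python verify_hashes.py <path-to-suspect-file>
    found = digest_file(sys.argv[1])
    for name, ok in compare_to_report(found).items():
        print(f"{name:6} {found[name]}  {'MATCH' if ok else 'mismatch'}")
    sys.exit(0 if is_reported_sample(found) else 1)
```

Treat the MD5 and SHA1 columns as lookup keys for other feeds rather than as proof of identity; the SHA256 and SHA512 matches are the ones that carry weight, which is why the script only reports success when all four agree.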

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      #29469O204.exe

    • Size

      1.1MB

    • MD5

      fcbeee4d98c0149d7a4d77544584a4b1

    • SHA1

      252c90496e1d30c85af718df02053f2bf876b5fa

    • SHA256

      2f871dc858b7320d26415f760957201d60691eee8d3939eb2e443a2ee8bad3ef

    • SHA512

      cd6560c55d24c04ef6ee73fd033ef1e8c61246344a5d8542fc92c7fb9d39852774dd3eac2169f64dd86c866224d94f1d14eae95d3c97252f96b55588ff8a1235

    • SSDEEP

      24576:uRmJkcoQricOIQxiZY1iaCD257KUpiESY42J7XfBx3bSlqbz7TY:7JZoQrbTFZY1iaCSPjI25vBtGKz7TY

    • AgentTesla

      Agent Tesla is a .NET-based information stealer and remote access tool (RAT) written in Visual Basic (VB.NET).

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser's credential store.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to discover the infected system's external IP address.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of another thread, typically a suspended one, so that it resumes in attacker-supplied code. It is a common step in process hollowing and other process injection techniques.
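The "Looks up external IP address via web service" signature is also easy to hunt for in network telemetry, because the set of public IP-echo services is small and a non-browser process contacting one is rarely legitimate. The script below is an added example, not code from the report or the sandbox: it parses constructed proxy log lines, extracts the destination host, and alerts on any process outside a browser allow list that reaches a listed service. The service list, the browser allow list, the log format and the sample log lines are all assumptions made for the example; the process names in the sample log are invented and do not describe what this sample contacted.

```python
"""Hunt for non-browser processes contacting public IP-echo services.

Added example, not from the report. Service list, browser allow list, log
format and the sample log are assumptions constructed for illustration.
"""
import re
from urllib.parse import urlsplit

# Assumed list of IP-echo services frequently seen in stealer beacons.
IP_LOOKUP_HOSTS = {
    "checkip.dyndns.org", "api.ipify.org", "ipinfo.io", "icanhazip.com",
    "ifconfig.me", "checkip.amazonaws.com", "ip-api.com",
}

# Processes for which an external IP lookup is ordinarily user-driven.
BROWSER_PROCESSES = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}

# Assumed proxy log layout: "<timestamp> <endpoint> <process> <method> <url> <status>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<endpoint>\S+)\s+(?P<proc>\S+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)

# Constructed sample log (process names are invented, not from the report).
SAMPLE_LOG = """\
2024-09-16T10:01:02Z WS01 chrome.exe GET https://www.example.com/ 200
2024-09-16T10:01:09Z WS01 invoice.exe GET http://checkip.dyndns.org/ 200
2024-09-16T10:01:10Z WS01 invoice.exe POST https://mail.example.net:587/ 200
2024-09-16T10:02:31Z WS02 firefox.exe GET https://ipinfo.io/json 200
2024-09-16T10:03:15Z WS03 svchost.exe GET https://api.ipify.org/?format=text 200
this line is malformed and must be skipped, not crash the hunt
"""


def parse_line(line: str):
    """Return a dict for a well-formed line, or None so malformed input is skipped."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # urlsplit handles ports and query strings so we compare hosts, not raw URLs.
    rec["dest_host"] = (urlsplit(rec["url"]).hostname or "").lower()
    return rec


def is_ip_lookup_host(hostname: str) -> bool:
    """Match the listed host exactly or any subdomain of it (e.g. www.ipinfo.io)."""
    return any(hostname == h or hostname.endswith("." + h) for h in IP_LOOKUP_HOSTS)


def detect_ip_lookups(log_text: str) -> list:
    """Return (endpoint, process, destination) tuples worth an analyst's attention."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_ip_lookup_host(rec["dest_host"]):
            continue
        if rec["proc"].lower() in BROWSER_PROCESSES:
            continue  # keep as low-signal telemetry rather than an alert
        alerts.append((rec["endpoint"], rec["proc"], rec["dest_host"]))
    return alerts


if __name__ == "__main__":
    for endpoint, proc, dest in detect_ip_lookups(SAMPLE_LOG):
        print(f"ALERT {endpoint}: {proc} queried IP-echo service {dest}")
```

On the constructed log this flags `invoice.exe` and `svchost.exe` but not the two browsers. In production the allow list should be keyed on signed image path rather than bare process name, since a stealer can trivially name itself `chrome.exe`; the lookup by itself is a weak signal, so route these alerts into correlation with the host's other behaviour rather than paging on them directly.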

MITRE ATT&CK Enterprise v15

Tasks