General

  • Target

    Trojan.Win32.Leonem-696a1a956d00c895f0716efdec49515d65deae2edd12cad87c13c29f31fbd360N

  • Size

    1.2MB

  • Sample

    240916-x5z6hswbkr

  • MD5

    e0d57a92476711a3438a44fa205e1720

  • SHA1

    a1669d33a5b53f9c501c01ec2bc7e155a6964a38

  • SHA256

    696a1a956d00c895f0716efdec49515d65deae2edd12cad87c13c29f31fbd360

  • SHA512

    7f6173a7d61dc797fc63456240b26daca47580ca901e3af901926fe293ab703c83b1c1f7fb5e47378d42d3443524db13707283018699e76e1dd5de2aae1a80e9

  • SSDEEP

    24576:I3c92psKAq6ITV5vGbao8LSEI28uUESJVufn/VtvVE:I3cYaKd6EGbrs4ySQ

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks