General

  • Target

    17092024_0035_16092024_September PO.zip

  • Size

    860KB

  • Sample

    240917-axjr8sxhke

  • MD5

    658c6111b950b7f516d5b04850911d9d

  • SHA1

    10a5c76ede6049432aafc4e91cabf476c8acefee

  • SHA256

    dfed31f29bf414b3808f5b43289e697a84c363cb870c62024bbe9f67c839034d

  • SHA512

    372224e7a821ac2e068da027ee3615d07808cd01a15e09dcb1581fef692cfd33be5b0cfef80f7d19c7230e96366b16495348e3d13cd0de0766bf934f0601c197

  • SSDEEP

    24576:TzaqtRE5KkvYkBN7KU7UE+G4237XbBLFbelabn2Td:fDWKkwkBB5Y2rrBZCan2Td
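The digests above (and those of the extracted September PO.exe further down) are the report's indicators of compromise. As an added example, not code from the sandbox vendor or from the report, the following Python script transcribes both records, validates that every digest is well-formed before it is loaded into a blocklist, and hashes a file or byte string with all four algorithms to report full or partial matches. A partial match (some algorithms agree, others do not) almost always means a transcription error in the IOC source rather than a real hit, which is why it is reported separately. The function names and the structure of `REPORTED_IOCS` are this example's own choices.

```python
import hashlib
import re

# Digests transcribed from the report above: the delivered ZIP archive and the
# executable extracted from it. These are the page's own IOCs, not constructed.
REPORTED_IOCS = {
    "17092024_0035_16092024_September PO.zip": {
        "md5": "658c6111b950b7f516d5b04850911d9d",
        "sha1": "10a5c76ede6049432aafc4e91cabf476c8acefee",
        "sha256": "dfed31f29bf414b3808f5b43289e697a84c363cb870c62024bbe9f67c839034d",
        "sha512": "372224e7a821ac2e068da027ee3615d07808cd01a15e09dcb1581fef692cfd33"
                  "be5b0cfef80f7d19c7230e96366b16495348e3d13cd0de0766bf934f0601c197",
    },
    "September PO.exe": {
        "md5": "fcbeee4d98c0149d7a4d77544584a4b1",
        "sha1": "252c90496e1d30c85af718df02053f2bf876b5fa",
        "sha256": "2f871dc858b7320d26415f760957201d60691eee8d3939eb2e443a2ee8bad3ef",
        "sha512": "cd6560c55d24c04ef6ee73fd033ef1e8c61246344a5d8542fc92c7fb9d398527"
                  "74dd3eac2169f64dd86c866224d94f1d14eae95d3c97252f96b55588ff8a1235",
    },
}

# Expected hex-digest length per algorithm (bytes * 2).
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HEX_RE = re.compile(r"[0-9a-f]+")


def validate_iocs(iocs):
    """Return (name, algo, reason) triples for every missing or malformed digest.

    An empty list means the IOC set is safe to load into a matcher.
    """
    problems = []
    for name, digests in iocs.items():
        for algo, expected_len in HEX_LEN.items():
            value = digests.get(algo)
            if value is None:
                problems.append((name, algo, "missing"))
            elif len(value) != expected_len or not HEX_RE.fullmatch(value):
                problems.append((name, algo, "not %d lowercase hex chars" % expected_len))
    return problems


def digest_bytes(data):
    """Hash an in-memory blob with every algorithm the report uses."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HEX_LEN}


def digest_file(path, chunk_size=1 << 20):
    """Hash a file on disk in chunks so large samples do not have to fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in HEX_LEN}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_iocs(digests, iocs=REPORTED_IOCS):
    """Compare computed digests against the IOC set.

    Returns (full, partial): `full` lists entries where every algorithm agrees;
    `partial` lists (name, agreeing_algos) where only some do, which points at a
    transcription error in the IOC source rather than a genuine match.
    """
    full, partial = [], []
    for name, known in iocs.items():
        hits = [a for a in HEX_LEN if known.get(a) and known[a] == digests.get(a)]
        if len(hits) == len(HEX_LEN):
            full.append(name)
        elif hits:
            partial.append((name, hits))
    return full, partial


if __name__ == "__main__":
    print("IOC validation problems:", validate_iocs(REPORTED_IOCS))
    # Constructed stand-in for a file under investigation; not the real sample.
    print("match:", match_iocs(digest_bytes(b"constructed benign content")))
```

To check a real file, call `match_iocs(digest_file(path))`; anything in the `partial` list should be resolved against the original report before the entry is trusted.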

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      September PO.exe

    • Size

      1.1MB

    • MD5

      fcbeee4d98c0149d7a4d77544584a4b1

    • SHA1

      252c90496e1d30c85af718df02053f2bf876b5fa

    • SHA256

      2f871dc858b7320d26415f760957201d60691eee8d3939eb2e443a2ee8bad3ef

    • SHA512

      cd6560c55d24c04ef6ee73fd033ef1e8c61246344a5d8542fc92c7fb9d39852774dd3eac2169f64dd86c866224d94f1d14eae95d3c97252f96b55588ff8a1235

    • SSDEEP

      24576:uRmJkcoQricOIQxiZY1iaCD257KUpiESY42J7XfBx3bSlqbz7TY:7JZoQrbTFZY1iaCSPjI25vBtGKz7TY

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic (.NET).

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser's credential store.

    • Looks up external IP address via web service

      Queries a legitimate public IP lookup service to learn the infected host's external IP address. Legitimate software does this too, so on its own it is a weak signal; it is most useful when correlated with the process that issued the request.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another (typically suspended) process is characteristic of process hollowing and related injection techniques, where the payload is written into the target and the thread's entry point is redirected to it.

MITRE ATT&CK Enterprise v15

Tasks