General

  • Target

    17092024_0039_16092024_#29469O204.zip

  • Size

    860KB

  • Sample

    240917-aztefsyajc

  • MD5

    261459d06de5291c3531b8b1b1e622d0

  • SHA1

    aa9a8c788860e5a8e2738b922a69ebc782774406

  • SHA256

    8afd6ac48d3827f249c8b86e38002a3eb23a4990263abb3ac109fd10e2923442

  • SHA512

    c428c09545807486e9d358857887722dbf8f05bc14740eb87f7db1dd79b291faa9e1a05bd94094b8cf2627df75d7af686c56ba7363a394fb62f787e2d33fa2cf

  • SSDEEP

    24576:1zaqtRE5KkvYkBN7KU7UE+G4237XbBLFbelabn2TL:NDWKkwkBB5Y2rrBZCan2TL

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      #29469O204.exe

    • Size

      1.1MB

    • MD5

      fcbeee4d98c0149d7a4d77544584a4b1

    • SHA1

      252c90496e1d30c85af718df02053f2bf876b5fa

    • SHA256

      2f871dc858b7320d26415f760957201d60691eee8d3939eb2e443a2ee8bad3ef

    • SHA512

      cd6560c55d24c04ef6ee73fd033ef1e8c61246344a5d8542fc92c7fb9d39852774dd3eac2169f64dd86c866224d94f1d14eae95d3c97252f96b55588ff8a1235

    • SSDEEP

      24576:uRmJkcoQricOIQxiZY1iaCD257KUpiESY42J7XfBx3bSlqbz7TY:7JZoQrbTFZY1iaCSPjI25vBtGKz7TY

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
