General

  • Target

    17092024_0456_17092024_PO4356823.rar

  • Size

    815KB

  • Sample

    240917-fk3bpsvhph

  • MD5

    6631e6af36b135b6beb09b57c9b61653

  • SHA1

    7dce87f07d1d7195569e3d610ff6e5cd9f8000ac

  • SHA256

    bdd8d6c312556d3ccc406f3484e159b140035e5b0c83fa361a0d802f3d911a30

  • SHA512

    462bb545382186c5bd21a1ff638648a6eefe147ce7129c0673d7266081351b051884dff7585116aa84a4dbfbc9a4de8be5066dd0fffaf61187839ae35bfeac1e

  • SSDEEP

    12288:p+6Us22R2wE3Q4HNJiCojN3eCgrt9zyUZQwiLqBPf89BNvVuAFI4Gq/+Wie3qQb/:pSR0LD4tJiCxryUVjPf8Ba4hGHfQbI0

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      PO4356823.exe

    • Size

      1.1MB

    • MD5

      07a958109854778ba3f891872d8d0734

    • SHA1

      4dc9a5067843fccd066bc6de7386760471ce46de

    • SHA256

      3251093aa6fdae864fe5072d57e4b976ae384281f5a6b1e707a15ceb8af152b1

    • SHA512

      f82216eb457b98d0f3c74d3385338e48111a8b701d3a8b69507dab09dfe8a4586f7ff0bea3762da9411f8d31c96bee9d4036aabd55a926b24c58f706bac07039

    • SSDEEP

      24576:uRmJkcoQricOIQxiZY1iaC1jU5S7Ufq510csTteku0mAgI/o:7JZoQrbTFZY1iaCL7Ufqr01teUmAR/o

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks