General

  • Target

    669f16a731ff8d217b742844a6529a1844263b362de40b5c22aa49e6091c5b67

  • Size

    860KB

  • Sample

    240917-g344paydjg

  • MD5

    da3ef958b153e906429105f6609d21da

  • SHA1

    92dd5b835119d8877557c8f48d283e097f50eb8a

  • SHA256

    669f16a731ff8d217b742844a6529a1844263b362de40b5c22aa49e6091c5b67

  • SHA512

    d8558bba72bbb71c01ec1804076f6798e4d1a7f5db2b653c2b83a38861a66e7c3b2a2ffd606c72008d673da040c108f9245ff56daa1e429911a79948d1595363

  • SSDEEP

    24576:YzaqtRE5KkvYkBN7KU7UE+G4237XbBLFbelabn2T2:EDWKkwkBB5Y2rrBZCan2T2

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Arrival Notice.exe

    • Size

      1.1MB

    • MD5

      fcbeee4d98c0149d7a4d77544584a4b1

    • SHA1

      252c90496e1d30c85af718df02053f2bf876b5fa

    • SHA256

      2f871dc858b7320d26415f760957201d60691eee8d3939eb2e443a2ee8bad3ef

    • SHA512

      cd6560c55d24c04ef6ee73fd033ef1e8c61246344a5d8542fc92c7fb9d39852774dd3eac2169f64dd86c866224d94f1d14eae95d3c97252f96b55588ff8a1235

    • SSDEEP

      24576:uRmJkcoQricOIQxiZY1iaCD257KUpiESY42J7XfBx3bSlqbz7TY:7JZoQrbTFZY1iaCSPjI25vBtGKz7TY

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks