General

  • Target

    fa5392813def2278a7df646d987f8f795370b034d2c5d8a485d331c7a6a5662cN

  • Size

    1.1MB

  • Sample

    240921-s9sj1szfqe

  • MD5

    b4a8d78ac7a0d021a952df540f19ba40

  • SHA1

    176b0680ef8bfaab4dc13c46d40cfd914fcb662f

  • SHA256

    fa5392813def2278a7df646d987f8f795370b034d2c5d8a485d331c7a6a5662c

  • SHA512

    dd2aa4cb916c93082434f0a451f8ae736da1382a363c206f08b790e57f32727da401c4487db6e7413d5ef3471451ed43e9a066065d27a9ef7aef57a58f1fc829

  • SSDEEP

    24576:RRmJkcoQricOIQxiZY1ia7uz53U3YwvIL0BJCF/yXYi3:eJZoQrbTFZY1ia7uzFUPBz3

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      fa5392813def2278a7df646d987f8f795370b034d2c5d8a485d331c7a6a5662cN

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET. It harvests saved credentials from browsers, mail clients and other applications and exfiltrates them, commonly over SMTP, FTP or HTTP.

    • Credentials from Password Stores: Credentials from Web Browsers (T1555.003)

      Malicious access to, or copying of, a web browser credential store (for example the Chromium "Login Data" database or the Firefox logins.json/key4.db pair) by a process that is not the browser itself.

    • Accesses Microsoft Outlook profiles

      Reads Outlook profile data from the registry (under HKCU\Software\Microsoft\Office\<version>\Outlook\Profiles), where stored mail account settings and credentials can be recovered.

    • AutoIt Executable

      AutoIt scripts compiled to PE executables. The sample is an AutoIt interpreter stub carrying an embedded, compressed script that unpacks and runs the real payload; the stub itself is benign, so the script must be extracted to see the behaviour.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process, typically paired with a child process created suspended and WriteProcessMemory, is the process-hollowing pattern (T1055.012) used to run the unpacked payload inside a legitimate-looking process.
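The AutoIt signature above is decided by markers in the file, so it can be reproduced offline. The following is an added triage check, not code from the report or the sandbox: it scans raw PE bytes for the 16-byte header that starts the embedded compiled script in AutoIt3 binaries and the version tag that follows it ("AU3!EA06", or "AU3!EA05" in older builds), the same strings public YARA rules for AutoIt key on. The demo PE layout and the file path handling are assumptions made for the example.

```python
"""Triage check: is this PE an AutoIt-compiled executable?

Added example (not from the report). It scans raw file bytes for the markers
that precede the embedded compiled AutoIt3 script. The demo PE is constructed.
"""
from __future__ import annotations

import struct
from dataclasses import dataclass

# 16-byte header that starts the embedded script blob in AutoIt3 binaries,
# followed by a version tag: "AU3!EA06" (current) or "AU3!EA05" (older builds).
AU3_SCRIPT_MAGIC = bytes.fromhex("A3484BBE986C4AA9994C530A86D6487D")
AU3_VERSION_TAGS = (b"AU3!EA06", b"AU3!EA05")


@dataclass
class Marker:
    offset: int
    name: str


def is_pe(data: bytes) -> bool:
    """Minimal PE check: 'MZ' DOS header and e_lfanew pointing at the PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_autoit_markers(data: bytes) -> list[Marker]:
    """Return every AutoIt marker found in the buffer, ordered by file offset."""
    hits: list[Marker] = []
    for tag in AU3_VERSION_TAGS:
        start = 0
        while (idx := data.find(tag, start)) != -1:
            hits.append(Marker(idx, tag.decode("ascii")))
            start = idx + 1
    idx = data.find(AU3_SCRIPT_MAGIC)
    if idx != -1:
        hits.append(Marker(idx, "script-header"))
    return sorted(hits, key=lambda m: m.offset)


def classify(data: bytes) -> str:
    """'autoit-compiled' requires both the script header and a version tag;
    a lone tag (e.g. in an unrelated string table) is only 'autoit-marker-only'."""
    if not is_pe(data):
        return "not-pe"
    names = {m.name for m in find_autoit_markers(data)}
    tags = {t.decode("ascii") for t in AU3_VERSION_TAGS}
    if "script-header" in names and names & tags:
        return "autoit-compiled"
    if names:
        return "autoit-marker-only"
    return "no-autoit-marker"


def build_demo_pe(with_autoit_script: bool) -> bytes:
    """Constructed stand-in for a PE file (headers only, no real code)."""
    buf = bytearray(0x80)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)              # e_lfanew -> offset 0x80
    buf += b"PE\x00\x00" + b"\x00" * 0x100               # PE signature + padding
    if with_autoit_script:
        buf += AU3_SCRIPT_MAGIC + b"AU3!EA06" + b"\x00" * 0x40  # embedded-script stub
    return bytes(buf)


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None   # hypothetical: pass a file to scan
    data = open(path, "rb").read() if path else build_demo_pe(True)
    print(classify(data), find_autoit_markers(data))
```

A positive result only says "AutoIt-compiled"; the script body sits in an RCDATA resource and is compressed, so recovering what it actually does needs a dedicated AutoIt decompiler. If the sample is additionally packed, the markers only appear after unpacking, so a negative result on a packed file is not conclusive.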
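The two credential-access signatures above (browser credential stores and Outlook profiles) share one detection shape: a process that is not the browser or mail client reading the store. The following detection logic is an added example, not part of the report; the telemetry format (ts|pid|image|event|target), the process allow-list and the sample log lines are constructed for the example, while the store locations are the standard Chromium, Firefox and Outlook ones.

```python
"""Detection over constructed endpoint telemetry: non-owner processes reading
browser credential stores or Outlook profile registry keys.

Added example, not part of the report. Log format (ts|pid|image|event|target),
allow-list and sample lines are assumptions made for the demo.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Chromium family keeps saved logins in "Login Data" and the DPAPI-wrapped
# AES key in "Local State"; Firefox keeps logins.json + key4.db per profile.
BROWSER_STORES = re.compile(
    r"\\User Data\\[^\\]+\\(Login Data( For Account)?|Web Data|Cookies)$"
    r"|\\User Data\\Local State$"
    r"|\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cert9\.db)$",
    re.IGNORECASE,
)
# Outlook account settings (including stored passwords) live under the profile keys.
OUTLOOK_PROFILES = re.compile(
    r"^HKCU\\Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles\\"
    r"|^HKCU\\Software\\Microsoft\\Windows NT\\CurrentVersion"
    r"\\Windows Messaging Subsystem\\Profiles\\",
    re.IGNORECASE,
)
# Processes expected to read their own stores (assumed allow-list; tune per fleet).
EXPECTED_OWNERS = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe", "outlook.exe"}


@dataclass
class Alert:
    pid: int
    image: str
    target: str
    technique: str


def parse_line(line: str) -> tuple[int, str, str, str]:
    _ts, pid, image, event, target = line.rstrip("\n").split("|", 4)
    return int(pid), image, event, target


def detect(lines) -> list[Alert]:
    alerts: list[Alert] = []
    for line in lines:
        if not line.strip():
            continue
        pid, image, event, target = parse_line(line)
        exe = image.rsplit("\\", 1)[-1].lower()
        if event == "FileRead" and BROWSER_STORES.search(target):
            technique = "T1555.003 Credentials from Web Browsers"
        elif event == "RegQuery" and OUTLOOK_PROFILES.search(target):
            technique = "T1552.002 Credentials in Registry (Outlook profile)"
        else:
            continue
        if exe in EXPECTED_OWNERS:   # the browser/mail client reading its own store
            continue
        alerts.append(Alert(pid, image, target, technique))
    return alerts


# Constructed telemetry (ts|pid|image|event|target); not from the sandbox run.
SAMPLE_LOG = r"""
2024-09-21T10:15:02|4120|C:\Users\alice\AppData\Roaming\svc\update.exe|FileRead|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
2024-09-21T10:15:02|4120|C:\Users\alice\AppData\Roaming\svc\update.exe|FileRead|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Local State
2024-09-21T10:15:03|4120|C:\Users\alice\AppData\Roaming\svc\update.exe|FileRead|C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default-release\logins.json
2024-09-21T10:15:04|4120|C:\Users\alice\AppData\Roaming\svc\update.exe|RegQuery|HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
2024-09-21T10:16:00|2208|C:\Program Files\Google\Chrome\Application\chrome.exe|FileRead|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
2024-09-21T10:16:05|3316|C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE|RegQuery|HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
2024-09-21T10:16:10|4120|C:\Users\alice\AppData\Roaming\svc\update.exe|FileRead|C:\Users\alice\Documents\notes.txt
"""

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG.splitlines()):
        print(f"pid={a.pid} {a.image} -> {a.target} [{a.technique}]")
```

Read access is the signal here, and most default telemetry does not record it: Sysmon registry events cover key creation and value writes, not queries, so on a real fleet the FileRead/RegQuery events would come from an EDR file- and registry-access feed or from object-access auditing (event 4663 with SACLs on the store files). The allow-list is deliberately narrow; a hollowed chrome.exe would pass it, which is why this check belongs next to the SetThreadContext/process-injection signal rather than replacing it.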

MITRE ATT&CK Enterprise v15

Tasks