General

  • Target

    9ebb6978d40e7e5870ee40d426ccc6cf7eff686b5d95375399c6d15388067f0d

  • Size

    7.1MB

  • Sample

    241120-bywzmayamj

  • MD5

    9b2c361b77d2a5198602a24b473b506a

  • SHA1

    01a4beda7991a7d5ad9717e25e3d47d219dec1f9

  • SHA256

    9ebb6978d40e7e5870ee40d426ccc6cf7eff686b5d95375399c6d15388067f0d

  • SHA512

    3fb44a807dc6bc1aaf97f7a39b06a870d1f8d19429cd699b1839ee4233d1267ab3fac535255b49d07d32937e79df888c1e75c52a725405b416ed99236465741e

  • SSDEEP

    98304:YlaHVJHFOv9GJ6RiiOPriSL+pMI6cNKu4X2XfQ9rr6YrxV:ZHzFOvcOS0MRcNz4mI9qYtV

Malware Config

  • Extracted

    Family

    agenttesla

  • Credentials

Targets

    • Target

      9ebb6978d40e7e5870ee40d426ccc6cf7eff686b5d95375399c6d15388067f0d

    • Size

      7.1MB

    • MD5

      9b2c361b77d2a5198602a24b473b506a

    • SHA1

      01a4beda7991a7d5ad9717e25e3d47d219dec1f9

    • SHA256

      9ebb6978d40e7e5870ee40d426ccc6cf7eff686b5d95375399c6d15388067f0d

    • SHA512

      3fb44a807dc6bc1aaf97f7a39b06a870d1f8d19429cd699b1839ee4233d1267ab3fac535255b49d07d32937e79df888c1e75c52a725405b416ed99236465741e

    • SSDEEP

      98304:YlaHVJHFOv9GJ6RiiOPriSL+pMI6cNKu4X2XfQ9rr6YrxV:ZHzFOvcOS0MRcNz4mI9qYtV

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks