General

  • Target

    21012025_2349_21012025_Ref#8520163.rar

  • Size

    183KB

  • Sample

    250121-3t7n4sxqdq

  • MD5

    8cfd588be8c79797a58a8a80344fed82

  • SHA1

    b5e72c2d6901acac2ae5c4c702c291346dae97fc

  • SHA256

    535a4e9aa5f3196873a3df5dc2c62c4d49965c1e087004ddeb740244c674c2c0

  • SHA512

    cccac1c4757159f3f1ed7b8a34fa68342b083aa9ec5742320bd01fc407650bff435eb0dc07e5de7131b850f1b4353ec736d4b8092b2397456dcfe25a7773097b

  • SSDEEP

    3072:bzu8etLASAEOGbkgRovEATXvjlB4oxdsD3CJ0u1hOZw3dwujemGQbJvpETwu:3yLsEZkSMtXVdO3gbhZ3d3jxnTuwu

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Ref#8520163.exe

    • Size

      550KB

    • MD5

      cc2dd1190955e9f7541891da1a9f6821

    • SHA1

      a16680ac39d22199203933b62382b90ffba3dd4d

    • SHA256

      c5daf9f6683fd5aa8f434ed963a20e7a89ff6f31a94ccee21dc6d58eb6502ad1

    • SHA512

      b86071af21ad517c7e39f49e4347ecee1361cccce1bf15159ce9990b2465fbece2f6748a941f3b380a58888aaf735031160016558df8be5030bd233d23260a7c

    • SSDEEP

      6144:utRRUEOmuauSSLuaFjYZaQqRbcoMLO9ohmVoxOaHcBBt7VFFplA2iAr1:qYElucSKaFj5WOraxL8BBXFFg2iQ

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and information stealer written in .NET (originally Visual Basic .NET); it harvests saved credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP, or HTTP.

    • Agenttesla family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks