General

  • Target: New POs# ST-2312180 to ST-2312182.exe
  • Size: 1.3MB
  • Sample: 250123-cjebpsxqfm
  • MD5: b30d2c0c5d2a7eb1d14fcbee93a3dfb5
  • SHA1: 03a916e21638160bcc2c60a223ea6effbafbe9b6
  • SHA256: 3548aa0ee0cecf920604b5d5d5c231f2a5241a012548198402e6121a43ef55f7
  • SHA512: 8edcef9ba3e7c0220edc57aedb42a916298da358b76a278321b055897f5f709a88ecdf850894e1f6afe0febdf4fbecc637c39c75b064b7ca94cf01988136bf71
  • SSDEEP: 24576:xtb20pkaCqT5TBWgNQ7aKq1LnckdvRHADmacmzi/rYApm6A:CVg5tQ7aK45OSB+is5

Malware Config

Extracted

  • Family: agenttesla

Credentials

Targets

    • Target: New POs# ST-2312180 to ST-2312182.exe

    • AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
    • Agenttesla family
    • Adds Run key to start application
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks