General

  • Target

    Transferencia de pago___________.exe

  • Size

    1018KB

  • Sample

    250701-jcjq6stjs7

  • MD5

    53fd241075e84f769eaef4517681e43f

  • SHA1

    fde83070f211e5a6b7c9981381dff5a3a8ba2cc6

  • SHA256

    713d6000105067014ff9fa66e412f7463c6b7c9e6a2d4a4e34a72b28b523ef55

  • SHA512

    f1704d6fdf88482cda6219f5f059581e7240b467d8961fbe9f2cca8826e3028b7428012de8ede58319e52ffd5a122dbd97128bf6da023765e6b5b70e7c521db1

  • SSDEEP

    24576:PuE0Vsb8ImfhQ8IryCw0Ijm8IryCw0Ij:WPVC8phQ8IrJ4C8IrJ4
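The hashes above are the report's identifiers for the sample, so the first thing a responder wants is a way to confirm that a file pulled from a mailbox or quarantine is the same binary. The script below is an added example and not part of the sandbox report: it streams a file through MD5, SHA-1, SHA-256 and SHA-512 at once and compares the result against the digests listed on this page. The only values hard-coded are the ones printed above; the file path is supplied on the command line. The SSDEEP signature is parsed into its block size and two chunk strings but not recomputed, because fuzzy hashing needs the ssdeep library, which is not in the standard library.

```python
"""Verify a file on disk against the hashes listed in the report.

Added example, not part of the sandbox report. Only the digests that appear
on the page are hard-coded; the file path comes from the command line.
"""
import hashlib
import sys

# Digests copied from the report's General section.
REPORT_IOCS = {
    "md5": "53fd241075e84f769eaef4517681e43f",
    "sha1": "fde83070f211e5a6b7c9981381dff5a3a8ba2cc6",
    "sha256": "713d6000105067014ff9fa66e412f7463c6b7c9e6a2d4a4e34a72b28b523ef55",
    "sha512": (
        "f1704d6fdf88482cda6219f5f059581e7240b467d8961fbe9f2cca8826e3028b"
        "7428012de8ede58319e52ffd5a122dbd97128bf6da023765e6b5b70e7c521db1"
    ),
}
REPORT_SSDEEP = "24576:PuE0Vsb8ImfhQ8IryCw0Ijm8IryCw0Ij:WPVC8phQ8IrJ4C8IrJ4"


def digest_bytes(data: bytes) -> dict[str, str]:
    """Lowercase hex digests of an in-memory buffer for every algorithm in REPORT_IOCS."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_IOCS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Stream a file through all four hash objects in a single pass.

    The sample is about 1 MB, but reading in chunks keeps memory flat for any size.
    """
    hashers = {algo: hashlib.new(algo) for algo in REPORT_IOCS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def compare_to_report(digests: dict[str, str], iocs: dict[str, str] = REPORT_IOCS) -> dict[str, bool]:
    """Case-insensitive match of each computed digest against the report's value."""
    return {
        algo: digests.get(algo, "").lower() == expected.lower()
        for algo, expected in iocs.items()
    }


def parse_ssdeep(signature: str) -> tuple[int, str, str]:
    """Split an ssdeep signature 'blocksize:chunk:double_chunk' into its parts.

    Recomputing the fuzzy hash needs the ssdeep library, so this only parses
    the report's value for display or for handing to that library later.
    """
    block, chunk, double = signature.split(":", 2)
    return int(block), chunk, double


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-suspected-file>
    results = compare_to_report(digest_file(sys.argv[1]))
    for algo, ok in results.items():
        print(f"{algo:7s} {'MATCH' if ok else 'mismatch'}")
    print("ssdeep block size / chunks:", parse_ssdeep(REPORT_SSDEEP))
    sys.exit(0 if all(results.values()) else 1)
```

A single mismatching digest is enough to say the file is not this sample; all four matching is effectively conclusive. A partial match across algorithms does not occur in practice and would indicate a transcription error in whichever digest disagrees.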

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Transferencia de pago___________.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic; in practice it is used mainly as a keylogger and credential stealer.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread that belongs to another process is characteristic of process hollowing and similar injection: the caller starts a legitimate process in a suspended state, writes its payload into that process, points the primary thread's entry point at the injected code and then resumes the thread. The report flags the API use only; it does not name the target process.
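The external IP lookup signature above is worth turning into a detection, because a non-browser process asking a public "what is my IP" service is unusual on an endpoint and is a cheap early signal for this family. The script below is an added example, not part of the report: it runs over a few constructed proxy log lines and flags lookups made by anything other than a web browser. The list of lookup services is an assumption (well-known public services, not ones named on this page; the report does not say which service this sample contacted), as is the browser allow-list and the log format.

```python
"""Flag external-IP lookups made by processes that are not web browsers.

Added example, not from the sandbox report. The service list, the browser
allow-list and the log lines are constructed for illustration.
"""
import csv
import io
from urllib.parse import urlsplit

# Assumption: well-known public IP lookup services. Listed as registrable
# domains where the service uses several subdomains (api.ipify.org etc.).
IP_LOOKUP_HOSTS = {
    "ipify.org",
    "checkip.dyndns.org",
    "checkip.amazonaws.com",
    "icanhazip.com",
    "ifconfig.me",
    "ip-api.com",
    "ipinfo.io",
}

# Processes for which such a lookup is plausible and usually benign.
BROWSER_PROCESSES = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}

# Constructed proxy log (timestamp,workstation,process,url). The first line
# uses the sample's file name from the report; everything else is made up.
SAMPLE_LOG = """\
2025-07-01T09:14:02Z,WS-FIN-07,Transferencia de pago___________.exe,http://checkip.dyndns.org/
2025-07-01T09:14:05Z,WS-FIN-07,chrome.exe,https://api.ipify.org/?format=json
2025-07-01T09:14:09Z,WS-FIN-07,outlook.exe,https://outlook.office365.com/owa/
2025-07-01T09:15:30Z,WS-HR-02,updater.exe,https://icanhazip.com/
"""


def host_of(url: str) -> str:
    """Hostname part of a URL, lowercased by urlsplit; empty string if absent."""
    return urlsplit(url).hostname or ""


def is_ip_lookup(url: str) -> bool:
    """True if the URL's host is a listed service or a subdomain of one."""
    host = host_of(url)
    return any(host == h or host.endswith("." + h) for h in IP_LOOKUP_HOSTS)


def find_suspicious_lookups(log_text: str) -> list[dict]:
    """Return one record per IP lookup made by a non-browser process."""
    hits = []
    for ts, workstation, proc, url in csv.reader(io.StringIO(log_text)):
        if is_ip_lookup(url) and proc.lower() not in BROWSER_PROCESSES:
            hits.append({
                "time": ts,
                "workstation": workstation,
                "process": proc,
                "service": host_of(url),
            })
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_lookups(SAMPLE_LOG):
        print(f"{hit['time']} {hit['workstation']} {hit['process']} -> {hit['service']}")
```

On the constructed log this flags the sample's own process and a generic updater, and ignores the browser and the mail client. In production the allow-list needs tuning per estate (some legitimate agents do check their public IP), and the match on process name alone is weak; pairing it with the SetThreadContext signature above, or with the lookup happening within seconds of process start, makes a much stronger alert.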

MITRE ATT&CK Enterprise v16

Tasks