General

  • Target

    bank details.exe

  • Size

    1.1MB

  • Sample

    221101-nlj6hsbdf3

  • MD5

    e2d07c1194008eacff161c48fcb8b1c5

  • SHA1

    5436041b87687cc33fc7cc00dd10d0ed7249fe73

  • SHA256

    a04c0b0273560589235ee79ec27c895ca5d8c4e3e389a13ed6efca03a552e650

  • SHA512

    d251aaad669ea2a654037e062299569803c905477b0f9f8159c66d991608653fdffbc41abd6c24521fb31dfe6ef0299583690d07cc15bead5f269c9909b82939

  • SSDEEP

    24576:H77e4piFmw5WhGAwp7cKCocrGiPBFDDdOCNKWU:tKlWh67cfocrdPcmKz

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks