General

  • Target

    nhhhhnn.exe

  • Size

    611KB

  • Sample

    221208-lbbqaace21

  • MD5

    75e55b619b34973c98df9425fcda82a7

  • SHA1

    c56718c5d03aa9d7bd3ce9f46afbf7efb4c421db

  • SHA256

    d584f5c481acd2b638b4196021c6326b590c2b64aa0a8b3953e69ad232d651fe

  • SHA512

    fac6cc1acb9d7a0b783cb0be2e6855e0bffdc62cec9e9e0756e5e51ff7b77f6a6bb66dca42c63d6ae055f893c54c514d28f50d23a40a631a185060a36c50acb6

  • SSDEEP

    12288:vc7FkSAEj5yn7i2IY9UG5JGsRw5kfCqqcrhIREsXx8mFmH:v91Ejyi1Y9/5JGsC5k6LIpsB8lH

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    System Information Discovery (T1082): 1

  • Collection

    Data from Local System (T1005): 2

    Email Collection (T1114): 1

Tasks