General

  • Target

    YPT23_1503_7_Swift_Mesaji_20230331.exe

  • Size

    213KB

  • Sample

    230403-gm2zdsda98

  • MD5

    8219dd1ee25fb7be4d34e677d5fc3c83

  • SHA1

    bca7ba7d05b2b82b9261a3b1e970180242d61868

  • SHA256

    77e992be1452e98850fd4c486ac9011559a9f42553fff1075f33bf2d80314a09

  • SHA512

    eff593df20764c8b9d68b09ae9a7d9ff2c4fecba8f23a8b0e2a08126fe336d36eba09f9c087c1c44b34be355b174f86e49970c6cbaad6485fad59421cd24610c

  • SSDEEP

    6144:9fi+cTfTZE7rwisnvagMewwjv4OKCJezI:9fqfTZE7rwdnvagMewwLUCWI

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      YPT23_1503_7_Swift_Mesaji_20230331.exe


    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Collection

    Email Collection (T1114): 1

Tasks