General

  • Target

    b92f592c56d52d960cc9215c5e72aad8.bin

  • Size

    1.4MB

  • Sample

    231121-c8skmabf83

  • MD5

    6aba8ef4f8f56ce381b389f2c5bbc379

  • SHA1

    362ad9d84e7255d8c623d7b77a2c3025a1cb1181

  • SHA256

    e4960467f26b430c8fd6e1e4ae54fd4e5ee97f551a07582671bb0c6bebd7c6ea

  • SHA512

    76113412f6fcc62985d414898156f4aa972eb6f41e841664bdb56ea3231af87f11b4a48c8c5c1d59ac0e8cedd93f88c48472865772a8dd6e40a38a20c5ae6d94

  • SSDEEP

    24576:0KRMBU8hjRg5/fgb8wkG/O3QWREKmWYhw1OsknN5DzIlywU4SJAWNP7X28e:J78ZS5/SXWREKzPS5z0K4SJAwDC

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Shipping Documents.exe

    • Size

      1.9MB

    • MD5

      e0bcb417f88eb3763db1da03853375e1

    • SHA1

      3a4dafbaacf7127a7bd55a20346d9c857e01b5f2

    • SHA256

      bf744936c8aa55662bebab8ba8274b7aafee33d076fd302beedb1a1ba9241afd

    • SHA512

      b718af048706bf1b66ba69b429376702fb59dc03055ce22a10821509f80ba2beddae176a7234cf97ec7265a8a9f97b2ccc61ee4b11b086054799275549b7a1d5

    • SSDEEP

      49152:sPKSQTERAQO3i2X9QfDjii+ZoEpNJHXXXS:MKSQTvmfvI5Xy

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks