General

  • Target

    URGENT REQUEST FOR QUOTATION.rar

  • Size

    729KB

  • Sample

    240302-rf46aaed84

  • MD5

    148d03762a23c1d838b536d69b978ac1

  • SHA1

    491db8453e4dc4234fb5fa500a795e4be4ebd26b

  • SHA256

    98e709d1370236f05fb7eeb50885780edb612dfb11e9a7852841190cd8ce1629

  • SHA512

    b93373b9fbea3ee77a710da3adb4bc70d18831a771fa592f2627057ee8bf88f0c51368c194e8a08bdef7ee2357c1b70ae36fc3f685a2627c4c61e583197ee932

  • SSDEEP

    12288:W7XpvXKehR1LMXbxU0PIiaQI4pN+59BTMucpqW882o8TerFE1t3s1kYnSXWLx1TC:wXpP5PEb1Wnx/YNpqW88gTCFy3IkYnSr

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      URGENT REQUEST FOR QUOTATION.exe

    • Size

      834KB

    • MD5

      248848768f3bdd47f6fcd6a25cd6ace4

    • SHA1

      32bab09e80087dcc4bd302484387799ad3470297

    • SHA256

      df8e553c6b2d78a240c76c5efbc15beba8be24362f53d9bdfc0c42c74934d293

    • SHA512

      961662f8856245e54dcb66bf20d1088857011b4a7e2a2e2cf55b0ffadc0e6e46201cd473197e6fafc5c69eb6180fb9a0060945a8622ed7fcd6fb19630b8fa1e5

    • SSDEEP

      24576:tIWg5y9z3EID9zgDURr+BJuvBNomMbEwo+:tIWg5y53D6yr+BJIomMbs+

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks