General

  • Target

    7a0ad10ad439ac3538cb6704eb5b5db6dada5eae0ed1b590d907071ec6f3889c

  • Size

    1.2MB

  • Sample

    240326-bzfzssbd34

  • MD5

    9bea006d5010697d19ede13c03b7d07a

  • SHA1

    91512c5b3b1ba03489d4825d539eabcd7546e452

  • SHA256

    7a0ad10ad439ac3538cb6704eb5b5db6dada5eae0ed1b590d907071ec6f3889c

  • SHA512

    7be4983c68f6ae4fdfff0990461e80dd1fbda4c4d93bb7bb8c12556a6419d7d68e2d20a135cf95e85cf1044ee0766e147be598aecf3a7f00534e7ea3d331cdc8

  • SSDEEP

    12288:WLTA8PHO5mU0It6itmD+HcwbdbJlXR3JlVf87I3:CTA8PO5mU16iQKHhdbbHf8

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6387496510:AAGzkvOV3EOvSZjPNfclsVSKq_tcdKpU-7o/

Targets

    • Target

      Scan067-2024-03-25.exe

    • Size

      665KB

    • MD5

      f0a288f78c5312449a55154083eade5f

    • SHA1

      240a70ce2e75f78f5618603e72894e008141a79a

    • SHA256

      0a184e4ad5c58aa41348509fdab0d3d30ab16a45cca699bde8b88f9dde9915d3

    • SHA512

      108034373f7cb3c6755d9f316e3ae54a1cebf4eb486544a2ce3568188aeb701a5252302f798e6033b27df0f846a91d7967398e95af2d96f9ee08a296098b34fd

    • SSDEEP

      12288:FLTA8PHO5mU0It6itmD+HcwbdbJlXR3JlVf87I37:9TA8PO5mU16iQKHhdbbHf8Y

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      Archd/Spyhole.Sme

    • Size

      58KB

    • MD5

      ac8beecc7660314f01c2961644545074

    • SHA1

      f161d8c0e011582c36e5a8d0355a8592ed3f7b3a

    • SHA256

      6956b9513f7743bf415308c1bd2e3faea66cadea8def5ed34ad7beec98cfab1c

    • SHA512

      18f8753656898b6e211575cbf0c7e5fd604daa334221f1c1e2093bd7e6ae35cc30a83d6dc2df80c7b81ad04e1bb126eca6bac9e6aecfc57ac5465435bad206f4

    • SSDEEP

      1536:UER3wWFmHDVCv6YSwRJiEdvDtp12PSNPtILZLxpn:UERlFcQ1SwPtr2w2dxd

    Score
    8/10
    • Modifies Installed Components in the registry

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks