General

  • Target

    FACTURA_.EXE.exe

  • Size

    710KB

  • Sample

    240327-m2t5zsdg3y

  • MD5

    8670ff57444ced9cc643f4588e41a93e

  • SHA1

    7195dc5aeda6f7f88e32e3aab2c696959c4e42a5

  • SHA256

    4150a9254130775146e1973ba461ffacc7d51365da70db48becba50fbfc1e39d

  • SHA512

    d4948994ac3dfb526a0b03b8c3d442c4254f2145fbe3574f45e4b4bd5ddbc575870ad261de7f92a351808ecb1c8b62ea9c4e86c69ae945c4cb8cccf090c5c0fd

  • SSDEEP

    12288:AsHzOUNUSB/o5LsI1uwajJ5yvv1l2WiqfqVR7idUfRgtdvGmavCbyBW6/:TiUmSB/o5d1ubcvpjbdWgf2W6/

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks