General

  • Target

    PURCHASE ORDER.exe

  • Size

    704KB

  • Sample

    240403-l3gevacd35

  • MD5

    e00fdc1a9fb6b825777ec17cbbae95ca

  • SHA1

    6699ee51a7d91a105a6527ff7e985772c79752a6

  • SHA256

    a48b8a6ca726f32569a7e2041803898a902437ee7724da53accfb6dc52fa8a87

  • SHA512

    7efc37e73190b762358466857e46d49737be973fecf477683a2b65efb0d792cb6c0a98f22d3051dec09264ac1f747aaead7914320e447a08e4671e4b094f5459

  • SSDEEP

    12288:ordsbuCO8nxSdyLC5cGtVeFkXlE9btKHJWkB4SxnRBctrIIR410W:RK8nGy0H1XqjSWkB4St8RS10

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks