General

  • Target

    PURCHASE ORDER.r15.rar

  • Size

    659KB

  • Sample

    240403-pea5psch9w

  • MD5

    47237459049e1a1fef406c60bf2e579c

  • SHA1

    a7e3a9e0ee2189789e8496b10f00871067969a8a

  • SHA256

    bcb63c80b4b0c627f4a89aa24845e3e9ff0442f23a30ce0d1be48eba2a5d3a36

  • SHA512

    d82e66d8e9082cb7c0bcd21db91fc163fb54c740af25c7414fb3e1384acd33a002ce006df4875fb5ac92ab41f883f19efcde3c9435a8181047b3e164c93554e4

  • SSDEEP

    12288:mc6tcqbjiPZ5QqNJI7l0bsaGB6HoyVY1LPGGLuu5x/jWC:38iUqNaZIG6WPGMKC

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      PURCHASE ORDER.exe

    • Size

      704KB

    • MD5

      e00fdc1a9fb6b825777ec17cbbae95ca

    • SHA1

      6699ee51a7d91a105a6527ff7e985772c79752a6

    • SHA256

      a48b8a6ca726f32569a7e2041803898a902437ee7724da53accfb6dc52fa8a87

    • SHA512

      7efc37e73190b762358466857e46d49737be973fecf477683a2b65efb0d792cb6c0a98f22d3051dec09264ac1f747aaead7914320e447a08e4671e4b094f5459

    • SSDEEP

      12288:ordsbuCO8nxSdyLC5cGtVeFkXlE9btKHJWkB4SxnRBctrIIR410W:RK8nGy0H1XqjSWkB4St8RS10

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks