General

  • Target

    Debug.rar

  • Size

    703KB

  • Sample

    240407-x7acwacc6y

  • MD5

    5d00873f5d1dfe75027ec6deb35bb518

  • SHA1

    b4d448bb0e10be9f5926a567934d8c42e6124afb

  • SHA256

    651f2668229b6d9e70b599c4321f219ee98a7b86e137c98f596bdd8aff092952

  • SHA512

    80c0a895adb1e33991e173b51f34e8c38e09a5eb9852a66cfbc3871b8ed8df61e3bdb8bfc42727f577a2c441b0c5952e68a6a2905b38f577b8b4fe81d128b453

  • SSDEEP

    12288:3aFVmOAhdHxdPLn931grPRhzkZJXNQTIWGk9HzA1ulSg5rpFk2vLTC:qrATxdDgfzEJXGTGkW1kSg7LTu
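
Before trusting a downloaded copy of this sample, recompute its digests and confirm the container type. The script below is an added example (not part of the report); it carries the report's MD5/SHA1/SHA256/SHA512 values, hashes a file in one streaming pass, compares each digest with a constant-time comparison, and checks the leading bytes for the RAR 4 or RAR 5 signature (the magic values are the documented archive signatures, not something taken from the report).

```python
import hashlib
import hmac
from typing import Dict, Iterable, Optional

# Digests copied from the report above for Debug.rar.
REPORT_HASHES = {
    "md5": "5d00873f5d1dfe75027ec6deb35bb518",
    "sha1": "b4d448bb0e10be9f5926a567934d8c42e6124afb",
    "sha256": "651f2668229b6d9e70b599c4321f219ee98a7b86e137c98f596bdd8aff092952",
    "sha512": (
        "80c0a895adb1e33991e173b51f34e8c38e09a5eb9852a66cfbc3871b8ed8df61"
        "e3bdb8bfc42727f577a2c441b0c5952e68a6a2905b38f577b8b4fe81d128b453"
    ),
}

# RAR archive signatures (documented format magic, not taken from the report).
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"


def digest_bytes(data: bytes, algorithms: Iterable[str]) -> Dict[str, str]:
    """Hash an in-memory blob with every named hashlib algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, algorithms: Iterable[str], chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Same as digest_bytes, but streams the file so large samples need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_hashes(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match map. compare_digest is constant time; lower() makes it case-insensitive."""
    return {
        name: hmac.compare_digest(actual[name].lower(), digest.lower())
        for name, digest in expected.items()
    }


def rar_version(data: bytes) -> Optional[int]:
    """Return 4 or 5 for a RAR archive based on its leading signature, else None."""
    if data.startswith(RAR5_MAGIC):
        return 5
    if data.startswith(RAR4_MAGIC):
        return 4
    return None


def check_sample(data: bytes, expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, object]:
    """Combine the checks: size, container type, and whether every digest matches the report."""
    matches = verify_hashes(digest_bytes(data, expected), expected)
    return {
        "size": len(data),
        "rar_version": rar_version(data),
        "hash_matches": matches,
        "all_match": all(matches.values()),
    }


if __name__ == "__main__":
    import sys
    # Usage: python check_sample.py Debug.rar
    with open(sys.argv[1], "rb") as fh:
        print(check_sample(fh.read()))
```

A sample whose SHA256 matches but whose MD5 does not is practically impossible for the same bytes, so any single mismatch means the file on disk is not the one the report analysed (truncated download, re-packed archive, or a different upload with the same name); treat `all_match` as the only pass condition.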

Malware Config

Targets

    • Target

      Debug.rar

    • Size

      703KB

    • MD5

      5d00873f5d1dfe75027ec6deb35bb518

    • SHA1

      b4d448bb0e10be9f5926a567934d8c42e6124afb

    • SHA256

      651f2668229b6d9e70b599c4321f219ee98a7b86e137c98f596bdd8aff092952

    • SHA512

      80c0a895adb1e33991e173b51f34e8c38e09a5eb9852a66cfbc3871b8ed8df61e3bdb8bfc42727f577a2c441b0c5952e68a6a2905b38f577b8b4fe81d128b453

    • SSDEEP

      12288:3aFVmOAhdHxdPLn931grPRhzkZJXNQTIWGk9HzA1ulSg5rpFk2vLTC:qrATxdDgfzEJXGTGkW1kSg7LTu

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, commonly written in Visual Basic (.NET).

    • AgentTesla payload

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain regions).

    • Executes dropped EXE

    • Loads dropped DLL
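
The last three signatures (downloads an MZ/PE file, executes a dropped EXE, loads a dropped DLL) describe the payload stage. When pulling dropped files out of a sandbox run, the first triage question is whether each one is an EXE or a DLL, which the Characteristics field of the PE file header answers. The following is an added example, not part of the report or of Agent Tesla: a minimal PE header parser that validates the DOS and NT signatures, bounds-checks e_lfanew against the buffer, and reads the IMAGE_FILE_DLL flag. The `build_minimal_pe` helper constructs synthetic headers (not runnable binaries) purely as test input.

```python
import struct
from typing import Optional

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\x00\x00"
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002   # set on any linked image (EXE or DLL)
IMAGE_FILE_DLL = 0x2000                # set only on DLLs
E_LFANEW_OFFSET = 0x3C                 # DWORD in the DOS header pointing at "PE\0\0"
COFF_HEADER_SIZE = 20                  # sizeof(IMAGE_FILE_HEADER)
CHARACTERISTICS_OFFSET = 18            # offset of Characteristics inside IMAGE_FILE_HEADER


def classify_pe(data: bytes) -> Optional[str]:
    """Return 'exe', 'dll', or None if the blob does not carry a well-formed PE header."""
    if len(data) < E_LFANEW_OFFSET + 4 or not data.startswith(IMAGE_DOS_SIGNATURE):
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, E_LFANEW_OFFSET)
    nt_end = e_lfanew + len(IMAGE_NT_SIGNATURE) + COFF_HEADER_SIZE
    # Reject e_lfanew values that point back into the DOS header or past the buffer;
    # malformed droppers use exactly these tricks to upset naive parsers.
    if e_lfanew < E_LFANEW_OFFSET + 4 or nt_end > len(data):
        return None
    if data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        return None
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 4 + CHARACTERISTICS_OFFSET)
    if not characteristics & IMAGE_FILE_EXECUTABLE_IMAGE:
        return None  # header present but not a linked image
    return "dll" if characteristics & IMAGE_FILE_DLL else "exe"


def build_minimal_pe(is_dll: bool) -> bytes:
    """Constructed fixture: DOS header + PE signature + COFF header, no optional header or sections.
    Enough for classify_pe, nothing more; it is not loadable."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[0:2] = IMAGE_DOS_SIGNATURE
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, e_lfanew)
    characteristics = IMAGE_FILE_EXECUTABLE_IMAGE | (IMAGE_FILE_DLL if is_dll else 0)
    # Machine=AMD64, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, characteristics)
    return bytes(dos) + IMAGE_NT_SIGNATURE + coff


if __name__ == "__main__":
    import sys
    # Usage: python classify_pe.py <dropped file>
    with open(sys.argv[1], "rb") as fh:
        print(classify_pe(fh.read(4096)) or "not a PE image")
```

Reading only the first few kilobytes is sufficient for this check, which makes it cheap to run across every file a sandbox reports as dropped; anything that comes back as `dll` is a candidate for the "Loads dropped DLL" behaviour, anything `exe` for "Executes dropped EXE".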

MITRE ATT&CK Enterprise v15

Tasks