General

  • Target

    Price List MAYQTRA031244PDF.scr.exe

  • Size

    236KB

  • Sample

    240501-rt7hkaha91

  • MD5

    313288ef87f8dfd992039233d952ede2

  • SHA1

    6e83e5923f2b8d94f2ca832394a27a6c731fa1ac

  • SHA256

    1eecb41cab35c2ad1402959834f8c39ca39c70a7b749906344d4423b3c78bfd7

  • SHA512

    3ee8c186b02c55c49940e4609c93052ca96fde1a40cb59495bb2e01a1abcba8f227050447595a63db88c494458c5457a4e13d6fae238ac80263198721a62559b

  • SSDEEP

    6144:HYVE08tYLBZGEQrdm4Vz0Rpppppppppppppppppppppppppppppq:+LQrdm4Vz0Rpppppppppppppppppppp4

Malware Config

Extracted

  • Family

    agenttesla

  • Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks