General

  • Target

    PO docs.iso

  • Size

    4.5MB

  • Sample

    240515-se4c2aef6v

  • MD5

    69e3518881c67aed5d119a0cd8fd3fa9

  • SHA1

    bc7f3a5c8edb6fb3a15e7fb84220b9064b16134e

  • SHA256

    c1b10ca7aac50af11c80df17d6beb69b36b6b468b8ae79d33e60b77e66f4183c

  • SHA512

    0e0e900046dabf6cf5020edad477d703acbfe3452f90f7203d8f403815b121a01a68ae8bdf4249bbfc55fa15ff121841f9e1115f33e59cd75b1d326d9e0791d1

  • SSDEEP

    24576:ONrJDheOmsfxYFB6YST9YaCjWbOCixQel8vBw+/m6hWsmQvd6KqcR3PPwf:O

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Hqjtehdep.exe

    • Size

      4.4MB

    • MD5

      dcbe06e2f3054aa9126691eaa33f03f2

    • SHA1

      9716dc37e885de30efb8319f3653782c25712db2

    • SHA256

      6e93b0e461b5098a0b9f61b10199135452cf93e54fd2d4fa37b9df909591be2b

    • SHA512

      4ed52f2783ad6813526f0e3dd6fb4c1648aa5883f1beca5cd8f12cd50828d2c52ad782133bd8e4a57348fdc7b089b62e222550b146dab6447ca46c15f0e50b88

    • SSDEEP

      24576:ENrJDheOmsfxYFB6YST9YaCjWbOCixQel8vBw+/m6hWsmQvd6KqcR3PPwf:E

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is remote access trojan written in C#.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks