General

  • Target

    f023d69f82e2767f504e845149c16b4748c5861170eba2ebfe434d274d6654d2

  • Size

    371KB

  • Sample

    240518-j9jgnsbe6t

  • MD5

    762924f898213fc0795c01d1842d82cc

  • SHA1

    fe6870aad3744903434a45cef6be359989192851

  • SHA256

    f023d69f82e2767f504e845149c16b4748c5861170eba2ebfe434d274d6654d2

  • SHA512

    280408bcb175530b85d305471deb62dcf2a9bcf4f21ea0d60b1acd454680d3c8580fe9359f90411a830c33fc8915221b2ea378efe4260313822fdd48a273f390

  • SSDEEP

    6144:USntsmoKwSoh8CN4qXo/UjENcuXq8h4dEmZWpkb9U8GArSNfHLwsAgbyWIUF78:mmhwSohTWqXjIX/egpkb9U8G1ZLUgbyL

Malware Config

Extracted

  • Family

    agenttesla

  • C2

    https://api.telegram.org/bot6921829812:AAEnJSJNfX1IyXT3BfHBFaRrW9XkEjVZMFs/

Targets

    • Target

      Order Inquiry for new Purchase_pdf.exe

    • Size

      947KB

    • MD5

      12a0d4a27fb7f7d5f1b345c9e6b171e2

    • SHA1

      6c6c01b4d9023e2f77ea6758b935c656637e5ea2

    • SHA256

      fc44d6c0bc3f20d6e311cbc63e3442fb7f31b2edf039e49ce424549eddfa522d

    • SHA512

      1916f25fd5dca34c3c92c97a0a5ccd9663d1bdce3d00ee23fd5c1dcdc91784fcdba8fb4857c0478f95920f0c9bbe9e422effa2163e724af4343f6c7ae6dd4418

    • SSDEEP

      24576:OeqkD+B877zBtMA0yZqv+D09Pxjlahm8QIPntPG1kYWAXPJ:OeX+xjz8HzYW

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks