General

  • Target

    a6bcba1163a4924be728f1c6b847de3342a23047b30c7bcdebecf01910d66515.exe

  • Size

    1.1MB

  • Sample

    240518-k2qfpada2v

  • MD5

    d3d4eadf3c33f7f479c4e647ac76ed25

  • SHA1

    de5ed294b31eb5f6b43b1f53d7199cdfb937d2be

  • SHA256

    a6bcba1163a4924be728f1c6b847de3342a23047b30c7bcdebecf01910d66515

  • SHA512

    dd0dd44074f114d40cee6a3e5e004fa186cc22d1c6fde9bbbbb4eaad02fc9935ac3807982e8cb3338a7ae37fafe6a67a45fffc040f08617af994d159057ccd99

  • SSDEEP

    24576:4AHnh+eWsN3skA4RV1Hom2KXMmHa41rTNIZt3ZAy+vKLIzL5:/h+ZkldoPK8Ya41rA3m+MB

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
