General

  • Target

    341d2de39b3d93706aa42ffa00d7d3e29f15e8beaf94a2c5d8a44dbbc02e2159.exe

  • Size

    1.2MB

  • Sample

    240518-lct81sdc73

  • MD5

    76609684d4f0fdd1e46ddf8353c389bf

  • SHA1

    9d8d983f75264a4989a55774cd500ee68b40e70b

  • SHA256

    341d2de39b3d93706aa42ffa00d7d3e29f15e8beaf94a2c5d8a44dbbc02e2159

  • SHA512

    abfadc1ab8f0439697a5ca36f4c29c2d0ddcde3ac0249993ffc09aac3d8f856a9f01e32203e976938c80271a9f865435b7ea903a8dc0b24e34e7b82d999542e3

  • SSDEEP

    24576:sAHnh+eWsN3skA4RV1Hom2KXMmHaqYTPyd+ez0pBTazbM5gMv45:Lh+ZkldoPK8YaqYU+4aBTaU5gMW

Malware Config

Targets

    • Target

      341d2de39b3d93706aa42ffa00d7d3e29f15e8beaf94a2c5d8a44dbbc02e2159.exe

    • Size

      1.2MB

    • MD5

      76609684d4f0fdd1e46ddf8353c389bf

    • SHA1

      9d8d983f75264a4989a55774cd500ee68b40e70b

    • SHA256

      341d2de39b3d93706aa42ffa00d7d3e29f15e8beaf94a2c5d8a44dbbc02e2159

    • SHA512

      abfadc1ab8f0439697a5ca36f4c29c2d0ddcde3ac0249993ffc09aac3d8f856a9f01e32203e976938c80271a9f865435b7ea903a8dc0b24e34e7b82d999542e3

    • SSDEEP

      24576:sAHnh+eWsN3skA4RV1Hom2KXMmHaqYTPyd+ez0pBTazbM5gMv45:Lh+ZkldoPK8YaqYU+4aBTaU5gMW

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks