General

  • Target: quotationsheet.exe
  • Size: 703KB
  • Sample: 240603-lvhb6sae81
  • MD5: d1e338f0c608088b7b5aa2e20c3df8ca
  • SHA1: e27a61a67b4c103595135df9567cac7152d93765
  • SHA256: d3b852f73cf956335e5cd16bcf94d255065c04b13dc9efb34fe52fdfe6ffed2d
  • SHA512: 2664e688950b24991784c62c7e898f23d4d95b8847122add721ce1e88030b84456c54394ea23488d840009a74032d799db004af9ffe9e352f5abb02061ca9b97
  • SSDEEP: 12288:nbhdAAU3oYkb4oGrX52fAXAxySliLh4oIhoBIBAjdHU5TCsnX+phDqM9FDv:nHAZo1FiJWAQGLCoIK6AFiGsO7D9v

Malware Config

Extracted

  • Family: agenttesla
  • C2: https://api.telegram.org/bot7225809616:AAEt7H1sHiGor6_FJDBNVWoXF_3jTIBVboA/

Targets

    • Target: quotationsheet.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks