General

  • Target

    ecb481c8a4b459b75e7678555f28e7cd693d8d7a5798516d5c2f7c3c2f93cfb6.exe

  • Size

    1.1MB

  • Sample

    240609-l6nnbshh48

  • MD5

    ec3c46f793725d1ea03f9deb51455826

  • SHA1

    66579dc2c1dce7b893124701df33079518af4d4c

  • SHA256

    ecb481c8a4b459b75e7678555f28e7cd693d8d7a5798516d5c2f7c3c2f93cfb6

  • SHA512

    2dd8cd8a7135e1175b527346ffe0139b4698d28885fc6e004c8b6732d8090c1d080489aaf6896930728f43af256409d2031ff2f488cbd83cac9b1b934aaa6bc8

  • SSDEEP

    24576:1AHnh+eWsN3skA4RV1Hom2KXMmHaZembDaKjEhhTQ5XVkr5:kh+ZkldoPK8YaZembeKjEhFQJVM

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks