General

  • Target

    NaZonWare.exe

  • Size

    2.1MB

  • Sample

    240609-ld8g2ahd67

  • MD5

    9162db3de83e2f17b1960cf7c376e213

  • SHA1

    0249763f1ded61a5267a80181cf8fd41875f75e0

  • SHA256

    f19ae8751b7a32b1de3c927af4035dcf1d3977f859a1ae97ad54cdf835d3f99b

  • SHA512

    93fc9758770a6479b625735c1ad27174a2db5c40e410e3a257aa48908d6c29d977c55c0ed0925f7d5c8a7555351c7f4a00d216e42229b5d4d1e7f8ffc418d489

  • SSDEEP

    49152:/tSdD2ppmuYITYbNbNWo4kSH3OqtwIrkqXfd+/9AqYaR:/4hIT4bNJFY3Oqt3kqXf0FnYe

Malware Config

Targets

    • Target

      NaZonWare.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks