General

  • Target

    b97ca324b50c24c05c82b6ae51702cc8bedcd1474bb875099260559463683883.exe

  • Size

    1.2MB

  • Sample

    240612-chrweaydkq

  • MD5

    ab3fa137f1603d28a0c4f79d4bb4c418

  • SHA1

    d76a52558a2a30343a7e0595d3f951683db444a5

  • SHA256

    b97ca324b50c24c05c82b6ae51702cc8bedcd1474bb875099260559463683883

  • SHA512

    262a143884a62d1c161545efbbbd7f8ea14f55ed62fe65bf568d3a35ad5e3a82c4e456da8e8ee8d440043e91a9d59735cbd2fc121b4238a70f2993705142ef3f

  • SSDEEP

    24576:3AHnh+eWsN3skA4RV1Hom2KXMmHaRI6pG0YhZ4WIT1QesUz+C7h5:qh+ZkldoPK8YaRI68SKesU1

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detects packed .NET executables. Mostly AgentTeslaV4.

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects executables referencing Windows vault credential objects. Observed in information stealers.

    • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurrency wallets, etc. Observed in information stealers.

    • Detects executables referencing many email and collaboration clients. Observed in information stealers.

    • Detects executables referencing many file transfer clients. Observed in information stealers.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext