General

  • Target

    SecuriteInfo.com.W32.AutoIt.YE.gen.Eldorado.23897.15373.exe

  • Size

    1.2MB

  • Sample

    240612-dww8qazcmf

  • MD5

    359d3e96ff4d7d9134950f306a2df9db

  • SHA1

    022d3dbd94f36564f5bfc9da8846c6db3cc3c096

  • SHA256

    8e85642be9336d213c4656c277dee5d9ee751ea822f33becb7c310506f058073

  • SHA512

    c12c770b40f1287ec215a1a6955efe2f09bcbd53e57f061f85af9e8bf5b87f4fc113508dd3a3334f8e22bbc45a0bc2b02b5499cb6f44f633f0ffaaaec671e00e

  • SSDEEP

    24576:lAHnh+eWsN3skA4RV1Hom2KXMmHa8dIkziSlhSgQkY5:Uh+ZkldoPK8Ya8dIkPSd

Malware Config

Targets

    • Target

      SecuriteInfo.com.W32.AutoIt.YE.gen.Eldorado.23897.15373.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks