General

  • Target

    BL-LADING#ATA-3678920.exe

  • Size

    1.2MB

  • Sample

    240612-g3rtcssgkj

  • MD5

    2e16ccbf4b88cdc9ee33e9567a4a57a8

  • SHA1

    e80afb7e7eddaa1a8c7e562c6adb08096b6eb3e6

  • SHA256

    a55772bb4850dfeb76f1779905b5e039be5d3bee5df8ed45a944fe875512ccce

  • SHA512

    97801be2ebbac0e75cb719863fa667a9dd966440cfc5293495d7e053cc39169dc4323a654bec720736ef4fd03397b19bb44875e2f52c837f49ea5074d23ea1cb

  • SSDEEP

    24576:qAHnh+eWsN3skA4RV1Hom2KXMmHaKvGoNitPXp5:9h+ZkldoPK8YaKXw7

Malware Config

Targets

    • Target

      BL-LADING#ATA-3678920.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks