General

  • Target

    ORDEN DE COMPRA OI 15969 - OI 15975.exe

  • Size

    1.0MB

  • Sample

    240612-g4xe8ssgmb

  • MD5

    58702e61bc3312403f93f3cde87efe5e

  • SHA1

    744571e4a9147ca107b35dafd7c22955d987e39d

  • SHA256

    7d7d34382b3cceb6642cd716cf9c0755d63309491c0e8206da2fea04f0ed4dee

  • SHA512

    b8d81afbd774d98e03f44408edf30cbc534bfcee3582070d169aaecb575fbda39886ca2919b1a29d03668b60173489043665d8f122dba8554a9318ba6d71829e

  • SSDEEP

    24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHak40deGtq+UGQeK5:gh+ZkldoPK8Yak40deGtbUV7

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks