General

  • Target

    JP_Order IMG_PO 00844138 - No. 2400228341_pdf.exe

  • Size

    3.2MB

  • Sample

    240612-he9jyatakf

  • MD5

    1c9ab100099e544b4b60e206211d07db

  • SHA1

    0ef441f8542a21729c5dae3fe1965ac85efa61ba

  • SHA256

    266bc45186c33092a506a6d36dce1a2f2f07dbff50d2d09dbd7ebd82b8894398

  • SHA512

    3ed38ccb71b9054e2091934f671302421ed9d0257ea1360372d90ed4ba42d179b6d83bc360633610ee6ac5c68821310e2eac667d852e91dfd3c0dfb11f26409b

  • SSDEEP

    49152:iVs5urLO7ffMKkU+efWBH7DSTEfdebYazMxgFzfYIZvC0DI:OrnHeNHlC

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      JP_Order IMG_PO 00844138 - No. 2400228341_pdf.exe

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (keylogging, clipboard capture, browser and mail-client credential theft), with variants written in Visual Basic .NET and C#.

    • Looks up external IP address via web service

      Queries a legitimate public IP-lookup web service to learn the infected host's external IP address; the result is typically included in the exfiltrated host profile, so the request itself is a usable network indicator.

    • Suspicious use of SetThreadContext

      Overwriting another thread's register context is the final step of process hollowing / thread hijacking: after a process is created suspended and a payload is written into it, SetThreadContext points the thread's entry point at the injected code before ResumeThread. Outside debuggers, legitimate software rarely does this.
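
The two behavioural signatures above are easiest to understand as rules over an API-call trace. The following is an added example, not part of the sandbox report or of any vendor's signature code: it parses a constructed trace (the process names, handles, PIDs and URLs are made up for the example; the report does not say which IP-lookup service or host process this sample used) and flags the process-hollowing chain that makes SetThreadContext suspicious, plus any connection to a small assumed list of public IP-lookup services. A thread that calls SetThreadContext without first creating a suspended process and writing into it is deliberately not flagged.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed API-call trace for the example, "<pid> <tid> <api>(<args>)" per line.
# Thread 1204/1208 performs the classic hollowing chain; thread 4000/4004 is a
# benign SetThreadContext (e.g. a debugger) that must not be flagged; 3312/3316
# contacts two IP-lookup services.
SAMPLE_TRACE = r"""
1204 1208 CreateProcessW(lpApplicationName="C:\Windows\System32\target.exe", dwCreationFlags=0x4)
1204 1208 NtUnmapViewOfSection(hProcess=0x2c4, BaseAddress=0x400000)
1204 1208 VirtualAllocEx(hProcess=0x2c4, Address=0x400000, Size=0x3a000, Protect=PAGE_EXECUTE_READWRITE)
1204 1208 WriteProcessMemory(hProcess=0x2c4, BaseAddress=0x400000, Size=0x200)
1204 1208 WriteProcessMemory(hProcess=0x2c4, BaseAddress=0x401000, Size=0x36000)
1204 1208 GetThreadContext(hThread=0x2c8)
1204 1208 SetThreadContext(hThread=0x2c8)
1204 1208 ResumeThread(hThread=0x2c8)
4000 4004 SetThreadContext(hThread=0x1a0)
3312 3316 InternetOpenUrlA(lpszUrl="http://checkip.dyndns.org/")
3312 3316 InternetReadFile(hFile=0x1f8, Size=0x400)
3312 3316 InternetConnectA(hInternet=0x1e4, lpszServerName="api.ipify.org", nServerPort=80)
"""

# Public "what is my IP" services. Assumed list for the example only.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ifconfig.me"}
URL_ARGS = ("lpszUrl", "lpszServerName", "pszServerName")

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit: process starts with its main thread suspended

LINE_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\w+)\((.*)\)$")
ARG_RE = re.compile(r'(\w+)=("[^"]*"|[^,]+)')


def parse_trace(text):
    """Turn trace lines into (pid, tid, api, {arg: value}) tuples."""
    events = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        m = LINE_RE.match(raw)
        if not m:
            raise ValueError(f"unparseable trace line: {raw!r}")
        pid, tid, api, argstr = m.groups()
        args = {k: v.strip().strip('"') for k, v in ARG_RE.findall(argstr)}
        events.append((int(pid), int(tid), api, args))
    return events


def detect_process_hollowing(events):
    """Flag a thread that creates a suspended process, writes into it, rewrites a
    thread context and resumes it. Stages must occur in this order on one thread."""
    per_thread = defaultdict(list)
    for pid, tid, api, args in events:
        per_thread[(pid, tid)].append((api, args))

    findings = []
    for (pid, tid), calls in per_thread.items():
        stage = 0  # 0: nothing, 1: suspended create, 2: remote write, 3: context set
        for api, args in calls:
            if stage == 0:
                flags = int(args.get("dwCreationFlags", "0"), 0)  # accepts "0x4" or "4"
                if api.startswith("CreateProcess") and flags & CREATE_SUSPENDED:
                    stage = 1
            elif stage == 1 and api == "WriteProcessMemory":
                stage = 2
            elif stage == 2 and api == "SetThreadContext":
                stage = 3
            elif stage == 3 and api == "ResumeThread":
                findings.append(f"pid {pid} tid {tid}: suspended CreateProcess -> "
                                "WriteProcessMemory -> SetThreadContext -> ResumeThread")
                break
    return findings


def detect_ip_lookup(events):
    """Flag any call whose URL/server argument points at a known IP-lookup service."""
    findings = []
    for pid, tid, api, args in events:
        for key in URL_ARGS:
            value = args.get(key)
            if not value:
                continue
            host = urlparse(value).hostname if "://" in value else value
            if host and host.lower() in IP_LOOKUP_HOSTS:
                findings.append(f"pid {pid} tid {tid}: {api} contacts IP-lookup service {host}")
    return findings


def run(trace=SAMPLE_TRACE):
    events = parse_trace(trace)
    return detect_process_hollowing(events) + detect_ip_lookup(events)


if __name__ == "__main__":
    for finding in run():
        print(finding)
```

Against the constructed trace this yields one hollowing finding and two IP-lookup findings; the lone SetThreadContext on thread 4000/4004 produces nothing, which is the distinction the sandbox signature is making when it calls the API use "suspicious" rather than treating every occurrence as malicious.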

MITRE ATT&CK Enterprise v15

Tasks