General

  • Target

    Quotation.txz

  • Size

    1.2MB

  • Sample

    240617-m2eejaxflf

  • MD5

    4bf546e32a96e43d66913b572d597a18

  • SHA1

    a2ac5a29925495326ab21ecc108640e7dd06d504

  • SHA256

    8cfe41a4158f684f5622d96b353e4a31193612a630bb246abc19034858fe37b7

  • SHA512

    00923faf6b670ccd8ed2ebce3a363587d8f3e770db02bb8b4a1066efa2fc6210d0126a8ee4892ea4b94388aa309ba579aabecfb3c055975750e55a2d4c93cd63

  • SSDEEP

    24576:5RAuFdYtT2AS9WZlT7itwj7Qadz2vZevpR65eKnudCeXVYgnBdgORDgqPpfh7:5RhdrAZ6Cj7HdzUehRhKnuEwY+gONh
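The report lists hashes for both the submitted archive and the executable inside it. The script below is an added example (not part of the sandbox report or its tooling) that hashes a `.txz` file and every member it contains, flags members that start with a PE `MZ` header, and matches each hash against the report's indicators. It assumes `.txz` means an xz-compressed tar archive; the SSDEEP values are left out because fuzzy hashing needs a third-party library. The sample archive built by `build_sample_archive()` is constructed for the demonstration and does not contain the real payload.

```python
import hashlib
import io
import tarfile

# Hashes copied from the report above (the archive and the executable it drops).
REPORT_IOCS = {
    "Quotation.txz": {
        "md5": "4bf546e32a96e43d66913b572d597a18",
        "sha1": "a2ac5a29925495326ab21ecc108640e7dd06d504",
        "sha256": "8cfe41a4158f684f5622d96b353e4a31193612a630bb246abc19034858fe37b7",
    },
    "Quotation.exe": {
        "md5": "a6fcb6660402049ede78d633f0d4f658",
        "sha1": "4a9d4d85dbeb51aec3c29df3c2559777ba146baa",
        "sha256": "f627bfaa3a8e557f23ed6e5eab7da26f0afedcad9b09115ea8c849b36790366e",
    },
}


def hash_bytes(data):
    """Compute the three hash types the report publishes for a blob."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_ioc(hashes):
    """Return the report target whose hashes match the given digests, else None."""
    for name, known in REPORT_IOCS.items():
        if any(hashes[alg] == known[alg] for alg in ("md5", "sha1", "sha256")):
            return name
    return None


def scan_txz(data):
    """Hash the archive and each regular member; flag PE files; match against IOCs.

    Returns a list of findings; the first entry is always the archive itself.
    """
    findings = [{"name": "<archive>", "pe": False, **hash_bytes(data)}]
    try:
        tar = tarfile.open(fileobj=io.BytesIO(data), mode="r:xz")
    except tarfile.ReadError:
        # Not a tar.xz after all (wrong extension or damaged download): report the
        # outer hash only rather than failing, so the archive itself is still matched.
        findings[0]["note"] = "not a readable tar.xz archive"
    else:
        with tar:
            for member in tar:
                if not member.isfile():
                    continue
                payload = tar.extractfile(member).read()
                findings.append({
                    "name": member.name,
                    "pe": payload[:2] == b"MZ",  # PE/MZ header, i.e. a Windows executable
                    **hash_bytes(payload),
                })
    for finding in findings:
        finding["ioc"] = match_ioc(finding)
    return findings


def build_sample_archive():
    """Constructed stand-in for Quotation.txz: a fake MZ stub plus a text file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:xz") as tar:
        fake_pe = b"MZ" + b"\x00" * 62 + b"PE\x00\x00"
        info = tarfile.TarInfo("Quotation.exe")
        info.size = len(fake_pe)
        tar.addfile(info, io.BytesIO(fake_pe))
        note = b"just text\n"
        info = tarfile.TarInfo("readme.txt")
        info.size = len(note)
        tar.addfile(info, io.BytesIO(note))
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_txz(build_sample_archive()):
        print(f"{f['name']:<16} pe={f['pe']!s:<5} ioc={f['ioc']} sha256={f['sha256']}")
```

Run it against a real download with `scan_txz(open("Quotation.txz", "rb").read())`; a member whose `ioc` field is `Quotation.exe` is the payload from this report, and any `pe=True` member inside a document-themed archive deserves a look even when the hashes do not match.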

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Quotation.exe

    • Size

      2.8MB

    • MD5

      a6fcb6660402049ede78d633f0d4f658

    • SHA1

      4a9d4d85dbeb51aec3c29df3c2559777ba146baa

    • SHA256

      f627bfaa3a8e557f23ed6e5eab7da26f0afedcad9b09115ea8c849b36790366e

    • SHA512

      331bab4b4193fdcf2f878c9db6b39ee2a3f7f474e10ff1afb02c35d4f29ab6238d83191e6ca79169861a8a2b52728c2af1e31d04635d861c0668b3e0fafe41b0

    • SSDEEP

      49152:GgpOmgDQ06m3N051GXdJCXw5Y9ehUwM1A8KfwosYbuHS:QDDe4RhKHOuH

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic .NET; it harvests saved credentials, keystrokes and clipboard contents and exfiltrates them over SMTP, FTP or HTTP.

    • Looks up external IP address via web service

      Uses a legitimate public IP lookup service to learn the infected system's external IP address, which stealers typically include in the reports they exfiltrate. The request itself looks benign, so its value as a signal lies in which process made it.

    • Suspicious use of SetThreadContext

      SetThreadContext was called on a thread belonging to another process. Outside debuggers this is characteristic of process hollowing and similar injection: a child is created suspended, its memory is overwritten, its thread context is redirected to the injected code, and the thread is then resumed.
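The two behavioural signatures above can be reproduced from an API trace. The detector below is an added example, not the sandbox's own rule engine: it replays a constructed key=value trace (`SAMPLE_TRACE`, written for this demonstration rather than taken from the report) and fires when a process creates a child with `CREATE_SUSPENDED`, writes into it, calls `SetThreadContext` on it and resumes it, in that order, and when any process requests a URL on a known IP lookup host. The hosts in `IP_LOOKUP_HOSTS` are well-known public services chosen as an assumption, since the report does not name the one used, and `child.exe` is a placeholder because the report does not say what Quotation.exe injects into.

```python
import re
from collections import defaultdict

# Public "what is my IP" services; an assumed list, the report does not name the service.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
    "ifconfig.me", "ip-api.com", "checkip.amazonaws.com",
}
CREATE_SUSPENDED = 0x4
# Hollowing stages that must follow CreateProcess(CREATE_SUSPENDED), in this order.
STAGE_ORDER = ["WriteProcessMemory", "SetThreadContext", "ResumeThread"]

# Constructed trace in a simple key=value format (not the sandbox's real output).
SAMPLE_TRACE = """\
pid=1100 proc=Quotation.exe api=CreateProcessW child_pid=1220 image=child.exe flags=0x4
pid=1100 proc=Quotation.exe api=WriteProcessMemory target_pid=1220
pid=1100 proc=Quotation.exe api=SetThreadContext target_pid=1220
pid=1100 proc=Quotation.exe api=ResumeThread target_pid=1220
pid=1220 proc=child.exe api=InternetOpenUrlW url=http://api.ipify.org/
pid=1300 proc=browser.exe api=InternetOpenUrlW url=https://example.org/
""".splitlines()

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Turn one trace line into a dict; quoted values may contain spaces."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def host_of(url):
    m = re.match(r"https?://([^/:]+)", url)
    return m.group(1).lower() if m else None


def detect(lines):
    """Return (rule, detail) hits for the hollowing sequence and IP lookups."""
    hits = []
    suspended = {}               # child pid -> pid that created it suspended
    progress = defaultdict(int)  # (parent, child) -> number of stages completed in order
    hollowed = set()             # children whose thread context was hijacked
    for line in lines:
        ev = parse_event(line)
        api = ev.get("api")
        if api == "CreateProcessW" and int(ev.get("flags", "0"), 16) & CREATE_SUSPENDED:
            suspended[ev["child_pid"]] = ev["pid"]
        elif api in STAGE_ORDER:
            child = ev.get("target_pid")
            # Only count stages from the same process that created the child suspended.
            if suspended.get(child) != ev["pid"]:
                continue
            key = (ev["pid"], child)
            if progress[key] < len(STAGE_ORDER) and STAGE_ORDER[progress[key]] == api:
                progress[key] += 1
                if progress[key] == len(STAGE_ORDER):
                    hollowed.add(child)
                    hits.append(("suspicious_setthreadcontext",
                                 f"{ev['proc']} (pid {ev['pid']}) wrote into suspended child "
                                 f"{child}, set its thread context and resumed it"))
        elif api == "InternetOpenUrlW":
            host = host_of(ev.get("url", ""))
            if host in IP_LOOKUP_HOSTS:
                # Correlating with the hollowing hit is what separates the stealer's
                # lookup from a user checking their own address.
                tag = " from hollowed process" if ev["pid"] in hollowed else ""
                hits.append(("external_ip_lookup",
                             f"{ev['proc']} (pid {ev['pid']}) contacted {host}{tag}"))
    return hits


if __name__ == "__main__":
    for rule, detail in detect(SAMPLE_TRACE):
        print(f"[{rule}] {detail}")
```

The order check matters: `SetThreadContext` before any `WriteProcessMemory` on the child, or writes into a process that was never seen created suspended, do not fire, which keeps the rule from tripping on debuggers and on ordinary parent-child memory sharing.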
