General

  • Target

    QUOTATION_JUNQTRA031244úPDF.scr.exe

  • Size

    369KB

  • Sample

    240617-pmq6ws1ajf

  • MD5

    b14219b407f8e7157630be68efb1a2f9

  • SHA1

    ecf28b415ba7268a4833199ecbe1709c0865fbc4

  • SHA256

    22b76fd4d712a0717c2414df1d3b0ea8bcec2be55e99d281c691aeee660a1c38

  • SHA512

    4b0fb8f2800b8a70e116725e4fa37444799e0f3b03938a4610f1595ab0cb1bc35d494515bf73cc07c03d4843cbdccd86006e36ba34325cf6b49057e46662cd75

  • SSDEEP

    384:eOznT8nqqXWud5oApXzn06CjFN8P3YsU6fCWYA8S/hs/EasofOh/Q0RbnqMGt/Ev:JznTEqqXWusgjdM8sSct9ApqNSb

Malware Config

  • Extracted

  • Family

    agenttesla

  • Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks