General

  • Target

    LOADER_1.5.exe

  • Size

    3.5MB

  • Sample

    240617-qafeaswcrk

  • MD5

    6c31778cb80fff6ec7b7452726fbbfe2

  • SHA1

    4711c23fe341761258cf12144309598502eebc06

  • SHA256

    ba53b6ac7682df750e116312a66eed76f2386b1351e6e8018b85098e2277c563

  • SHA512

    a822796aa0591b18c9abcdb7b4c892ea7937d78f3238c06031f6655a1622a3a037982328ade0878960db771b8c9c7f9128e239c0c391b704878d529a273bc722

  • SSDEEP

    98304:Ka6EdThs72slZS1qmo8ovUPtNjt+IT4bNJFY3OqtTJa6E:KWNsZCqmo8oMPtVojBHY9

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Registers COM server for autorun

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks