General

  • Target: 17062024_1644_17062024_Zahlung.rar
  • Size: 657KB
  • Sample: 240617-t9ajwawclh
  • MD5: 48175cb17f80ef92e8c352736224bf70
  • SHA1: f3f6e81c6983f3ed423d50e24d0ed7349cdc74c9
  • SHA256: f043b74dd626834df14072aee21cdbad12b06085347250d8e81397277175b614
  • SHA512: 5e552fd9fbdb241050acf0cefbb7c71fffc8b1c5487ef2d7d290645b0b88f774d630d84fbf31d2a41a64a2136aba0bdc946f61e26c5bdd976ee801c35c2d0208
  • SSDEEP: 12288:nHLHoyJ3z5xjm74OtLhyRq0Kld8lIICieHxHpNeFFlcDqbaca:nb/dxjSjjP0KlUC5NYcDDca

Malware Config

Targets

    • Target: Zahlung.exe
    • Size: 1.1MB
    • MD5: e943b414bd144ca2b31d14538bba561c
    • SHA1: 620667c51ffe854b6584c9d26e4c42623621e5a9
    • SHA256: 0e1e4938f829e6a6812c2b3f8ec8a0fbeaa7f8935c472921e332023fbbf953c4
    • SHA512: 63dcbecd15cc7930ff42d6996114e54a69f0f9343ac10501448df7fa7502fb6e4d3b349424a056f960b66724b0273bed03d0aec573609911bedf6cee691d4747
    • SSDEEP: 24576:3AHnh+eWsN3skA4RV1Hom2KXMmHai3+BHBM1FMFei5:qh+ZkldoPK8Yai3XFMFv

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks