General

  • Target

    63967c45251f1094e81ae4859415409165b2d449d0dea56276b7d9523da3051d.rar

  • Size

    709KB

  • Sample

    240617-vsdqmsxale

  • MD5

    eb4489be93d5a163940004bd8ca9963b

  • SHA1

    fdead7824a2f0c8b7a037303f4d47782cc6e0eb5

  • SHA256

    63967c45251f1094e81ae4859415409165b2d449d0dea56276b7d9523da3051d

  • SHA512

    14dd46811780580f02019d11113ddf89590a014ee543c03d9753c035b33a6a3f5269d4ba72671c0af821a5868b143b963077866a0e844b9f807339012bedf31d

  • SSDEEP

    12288:7xX1nVEUkfP6iYw9r/ypwovrYawEHhLXXjbbsAUWwyWiJewMWnQn34SM93YtqtDz:7xX9qbKqTxk8ENH/bsAUWwViJRnQnooI

Malware Config

Targets

    • Target

      NEW ORDER.exe

    • Size

      1.2MB

    • MD5

      8cd947a7a778cc3ddfcf24afe58e3472

    • SHA1

      a6f8d0b06fac90b33a9c4af8c4a32eec0b0fb713

    • SHA256

      81eb8aa9b2226312d76e1bf196178ffd3bf4fa20f02de820451d4f654179655c

    • SHA512

      59e1bc3225cd23e74b08a685ba8c7671182875fc52683a36d6b76b7a033ab3c484d0a5c83d5244b2874635696366cebc2560e13fe61ff4dc99c48d333e46205b

    • SSDEEP

      24576:9AHnh+eWsN3skA4RV1Hom2KXMmHabkY7tSO9jl9pgJa8q+In5:ch+ZkldoPK8YabktO9jka84

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks