General

  • Target

    QUOTATION_JUNQTRA031244·PDF.scr.exe

  • Size

    2.0MB

  • Sample

    240618-k5la5swhmd

  • MD5

    6fed3897ec33eb7c9687521f27230d4f

  • SHA1

    91fe908aaf50fd87341aef1205b011c6f62fee7f

  • SHA256

    12a342b6a487518d9a0bd13adf3503b14b524d712351a48da4a3eea32ea24e40

  • SHA512

    50b8890e609e0044d5a95e255c43772c0a24b80dac86e7980dcd6b2f23a72b518d285d7985d67302c19015c16ceffa70fcad0d14b77a3d3012fcb7ac008a12bd

  • SSDEEP

    24576:rTsNDdDlnAh8b1XX0qIwjERO98EZ7F5jXGYp:rTsNDdZnhyXo5jXL

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks