General

  • Target

    PO00211.exe

  • Size

    1.1MB

  • Sample

    240618-q8jvdawfqa

  • MD5

    b7734a54a4a6abe4bc2cab83472890b6

  • SHA1

    dade3889244137a51358082055facca8ca0de2d8

  • SHA256

    a02bbd9bc3479d4045279ab08d9823a0b5520659562368d9ec4557f2abda41bb

  • SHA512

    98122a0e349c31785fbea53f1ce341e2dde266b689603ed0ec879d714084da6e434c8209f5dcf9934fb7107b320264f3d773c92df48aa08cca53958f5fb93bc2

  • SSDEEP

    24576:PAHnh+eWsN3skA4RV1Hom2KXMmHaSwith3X4NpY05:yh+ZkldoPK8YaSwy3qpD
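
The hashes above are the report's file indicators. The following added example (not tooling from the report or the sandbox) shows how to check a file against them in one pass over the bytes, and why a match on MD5 or SHA1 alone should be treated as weaker evidence than a SHA256/SHA512 match: collisions for the older algorithms are practical, so a lone MD5 hit merits a second look rather than an automatic verdict. The hash values are copied from the report; the file data used for the demonstration is constructed.

```python
"""Match a file's digests against the report's hash IOCs.

Added example, not from the report. The IOC values are copied from the
report above; the weighting policy (strong vs. weak algorithms) and the
sample input are assumptions.
"""
import hashlib
import io

# Hash IOCs exactly as listed in the report's General section.
REPORT_IOCS = {
    "md5": "b7734a54a4a6abe4bc2cab83472890b6",
    "sha1": "dade3889244137a51358082055facca8ca0de2d8",
    "sha256": "a02bbd9bc3479d4045279ab08d9823a0b5520659562368d9ec4557f2abda41bb",
    "sha512": (
        "98122a0e349c31785fbea53f1ce341e2dde266b689603ed0ec879d714084da6e"
        "434c8209f5dcf9934fb7107b320264f3d773c92df48aa08cca53958f5fb93bc2"
    ),
}

# Algorithms whose match we accept as a positive identification on its own.
# MD5 and SHA1 have practical collision attacks, so they only corroborate.
STRONG_ALGOS = ("sha256", "sha512")


def digest_stream(fobj, chunk_size=1 << 20):
    """Compute every algorithm in REPORT_IOCS with a single read of the stream."""
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    while True:
        buf = fobj.read(chunk_size)
        if not buf:
            break
        for h in hashers.values():
            h.update(buf)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Convenience wrapper for in-memory data (used by the demonstration below)."""
    return digest_stream(io.BytesIO(data))


def match_iocs(digests, iocs=REPORT_IOCS):
    """Classify a digest dict against the IOC set.

    Returns ("match", algos) when a strong algorithm matched,
            ("weak", algos)  when only MD5/SHA1 matched (possible collision),
            ("none", [])     when nothing matched.
    """
    matched = sorted(a for a, v in digests.items() if iocs.get(a) == v.lower())
    if not matched:
        return ("none", [])
    verdict = "match" if any(a in STRONG_ALGOS for a in matched) else "weak"
    return (verdict, matched)


if __name__ == "__main__":
    # Constructed input: this is not the sample, so no IOC should match.
    print(match_iocs(digest_bytes(b"constructed placeholder, not PO00211.exe")))
    # A file whose digests equal the report's values is a full match.
    print(match_iocs(REPORT_IOCS))
```

Run it against a real file with `match_iocs(digest_stream(open(path, "rb")))`. Because SSDEEP is a fuzzy hash it is deliberately left out: comparing it needs the ssdeep library and a similarity threshold, not an equality check.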

Malware Config

Targets

    • Target

      PO00211.exe

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests credentials and keystrokes from the infected host and is usually delivered as an e-mail attachment, as the purchase-order style filename PO00211.exe suggests.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP. The request itself is ordinary web traffic; the signal is which process makes it, since a freshly dropped executable has no legitimate reason to ask for the machine's public address.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state, including its instruction pointer. Outside debuggers it is a common sign of process hollowing (RunPE): the loader starts a legitimate process suspended, replaces its image with the payload, and points the main thread at the injected entry point before resuming it.
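
The external-IP lookup above is only useful as a detection if it is tied to the process making the request. The following added example (not part of the report or the sandbox's own logic) runs that check over a few constructed DNS-query events in a Sysmon-like `image=... query=...` format; the log format, the list of IP-echo hostnames and the browser allow-list are assumptions, and the report itself does not name which service the sample contacted.

```python
"""Flag non-browser processes that resolve public IP-echo services.

Added example, not from the report. The log format, hostnames and
allow-list below are assumptions; the sample events are constructed.
"""
import re
from collections import defaultdict

# Hostnames of common "what is my IP" services. Assumed list; tune per environment.
IP_ECHO_HOSTS = {
    "api.ipify.org",
    "checkip.dyndns.org",
    "icanhazip.com",
    "ipinfo.io",
    "ip-api.com",
    "checkip.amazonaws.com",
}

# Processes for which such a lookup is expected and not reported.
BENIGN_IMAGES = {"chrome.exe", "firefox.exe", "msedge.exe"}

# Constructed DNS-query events in a Sysmon-like one-line format (not real telemetry).
SAMPLE_LOG = """\
2024-06-18T10:02:11Z pid=4120 image=C:\\Users\\victim\\Downloads\\PO00211.exe query=api.ipify.org
2024-06-18T10:02:12Z pid=4120 image=C:\\Users\\victim\\Downloads\\PO00211.exe query=time.windows.com
2024-06-18T10:03:40Z pid=2210 image=C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe query=icanhazip.com
2024-06-18T10:04:02Z pid=5508 image=C:\\Windows\\System32\\svchost.exe query=ctldl.windowsupdate.com
"""

# Lazy match on image= so paths containing spaces are handled.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) image=(?P<image>.+?) query=(?P<query>\S+)$"
)


def parse_line(line):
    """Return the event fields as a dict, or None for lines that do not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def find_ip_lookups(log_text):
    """Return {(pid, image): [hosts]} for processes outside the allow-list
    that queried an IP-echo service."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        host = ev["query"].lower().rstrip(".")
        if host not in IP_ECHO_HOSTS:
            continue
        image_name = ev["image"].rsplit("\\", 1)[-1].lower()
        if image_name in BENIGN_IMAGES:
            continue
        hits[(int(ev["pid"]), ev["image"])].append(host)
    return dict(hits)


if __name__ == "__main__":
    for (pid, image), hosts in find_ip_lookups(SAMPLE_LOG).items():
        print(f"pid {pid} {image} -> {', '.join(hosts)}")
```

The browser allow-list keeps the rule quiet on user-driven visits to these sites; the remaining hits are worth correlating with the process's parent and any outbound connection that follows the lookup.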

MITRE ATT&CK Matrix

Tasks