General

  • Target

    DCP.exe

  • Size

    1.2MB

  • Sample

    240618-qsc2wszcqn

  • MD5

    9eee6e759aa62dc10f9e4d0cd55b7e18

  • SHA1

    c18117e48721af4739df0a3956488ee65c78dc09

  • SHA256

    c33d326096071fd9b4dfc0c5668d7b5452814a994811942cabe97ec4de15b1a4

  • SHA512

    d1043cdb4a5ad85b49a3eaaf39c09b66f38be16aeeacd99afae60098783474110d54429b171bd8ea0fc3e4ff9ae26b2151bd986c11d6cc589357ab6c563986d2

  • SSDEEP

    24576:3AHnh+eWsN3skA4RV1Hom2KXMmHaT087B3+tZPtQSeWGkq5:qh+ZkldoPK8YaTd0DfeWi

Malware Config

Targets

    • Target

      DCP.exe


    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks