General

  • Target

    INVOICE PAYMENT_Scan0016.scr.exe

  • Size

    546KB

  • Sample

    240618-qxcxpazeml

  • MD5

    ca6a93a429257f7203112e5311ca5b01

  • SHA1

    6ab678c5318042c710d59b7e4b1623c20759f8b7

  • SHA256

    0ec17a88232be3356c93b0b0eae5acf6a53332fe13e6881d627bea4f2963e6d6

  • SHA512

    4d04c05cdcb96f1f465f355c12418de016b12ec2bffd74b086712b75e0777388ebc2183e16c545d73ac42e38a085a18209c37653bfd41b3fbededfcb42ed7dfd

  • SSDEEP

    3072:r6Fvnr8xWdvz6m6yQIIDOkbBybvN7jO++qTh3kSkPAxS5oRN:runr11zT2IIDR9ybvdqYgoR

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      INVOICE PAYMENT_Scan0016.scr.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks