General

  • Target: ATT00001.bin.iso

  • Size: 1.6MB

  • Sample: 240618-rseq6axeld

  • MD5: bba1ad65c320fdc3f7998d80338bdac8

  • SHA1: 22e8d59682b84dbb0d4a5f41935f8745e9623275

  • SHA256: 20c1bb710bcceb6f3860d3c070c3087d7d5001499aa0733382230b30d9e43b63

  • SHA512: a8e97758f2d17b14edf28e26a107a8ccc19915aa579645870492d0dc1b8fd0f108be36f99383d8b29adfbbec5f8f25bc0bc602f06392754932965e3222640107

  • SSDEEP: 24576:sAHnh+eWsN3skA4RV1Hom2KXMmHak3+H/xSPFvm5:Lh+ZkldoPK8Yakg5aa

Malware Config

Extracted

  • Family: agenttesla

  • Credentials

Targets

    • Target: Orders.exe

    • Size: 1.1MB

    • MD5: 4361072f736089c4e2c5b7a6b4083ccb

    • SHA1: 3e3ea721cca3b00510b5b43e48214c8a47e0f9f9

    • SHA256: 0152f354bb063c566b9725d0962832e5324922c1592870c8b5b25789ccf1d636

    • SHA512: dc4562c16c2873b9d7e7d229c13bf6e225e025ba4d8a3e664608c542c97473aa061d045608833b0854eb37f27673cc167af332204a5551e4ca58a9a28ff4df06

    • SSDEEP: 24576:ZAHnh+eWsN3skA4RV1Hom2KXMmHak3+H/xSPFvm5:gh+ZkldoPK8Yakg5aa

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
