General

  • Target

    5dce4eaea9fd880061d4b09bc17560aac84b7550828e7a13c776e4eb573ccb1c

  • Size

    1.1MB

  • Sample

    240619-cxtnjssckg

  • MD5

    5b186325e5ddd47e4ca938b63760b38a

  • SHA1

    ff94195d2845a11215bf74b895cccb090041a7d7

  • SHA256

    5dce4eaea9fd880061d4b09bc17560aac84b7550828e7a13c776e4eb573ccb1c

  • SHA512

    02f241793035e38165c43d98edee6dfc488c82f0d76b1332593f1aa7159eca672ee76373897006916a66a4590b7339bf3573348b7108b220feabbca11c2519d9

  • SSDEEP

    24576:PAHnh+eWsN3skA4RV1Hom2KXMmHafXoHr2fofXSDiktjj5:yh+ZkldoPK8YafiKSDk3

Malware Config

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks