General

  • Target

    Remittance Advice.exe

  • Size

    586KB

  • Sample

    240619-lncs4ssepr

  • MD5

    acb0acfc7c97d9cdbe9bcd8deccc2113

  • SHA1

    7e57a316d051a2c560783e59bb7d5ebe658380f4

  • SHA256

    cfe669ff40d1958d9566346fb1875fd88f910a4e8cdde92de5ade9a5e9b08f02

  • SHA512

    939989e86506c7bfb5f2b8effda4432924ed3a291aa4da064bbf4fb8953b8b4b063108f91bff131fd046e46c9f5d0e8b60b8190828f38b8ef5627900531a8a9d

  • SSDEEP

    12288:fYV6MorX7qzuC3QHO9FQVHPF51jgcQjA71nXExRjnpM7B:sBXu9HGaVHLBXExNqF

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
